From 865444dd154e06ae67a79bf5c33a00d122296995 Mon Sep 17 00:00:00 2001
From: Bart De Schuymer
Date: Tue, 14 Jun 2005 19:17:48 +0000
Subject: Rok Papez
---
ebtables-restore | 62 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
ebtables-save | 53 ++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 115 insertions(+)
create mode 100644 ebtables-restore
create mode 100644 ebtables-save
diff --git a/ebtables-restore b/ebtables-restore
new file mode 100644
index 0000000..171a80c
--- /dev/null
+++ b/ebtables-restore
@@ -0,0 +1,62 @@
+#!/usr/bin/perl -w
+#
+#
+# A script that imports text ebtables rules. Similar to iptables-restore.
+# It can be used to restore configuration from /etc/sysconfig/ebtables.
+#
+
+use strict;
+my $ebtables = "/sbin/ebtables";
+my $table;
+my $rc;
+my $line;
+
+# ==============================
+# Check table
+# Creates user chains.
+# ==============================
+sub check_chain {
+ if ($table eq "filter") {
+ if ($_[1] eq "INPUT") { return; }
+ if ($_[1] eq "FORWARD") { return; }
+ if ($_[1] eq "OUTPUT") { return; }
+ }
+ if ($table eq "nat") {
+ if ($_[1] eq "PREROUTING") { return; }
+ if ($_[1] eq "POSTROUTING") { return; }
+ if ($_[1] eq "OUTPUT") { return; }
+ }
+ if ($table eq "broute") {
+ if ($_[1] eq "BROUTING") { return; }
+ }
+ $rc = `$ebtables -t $_[0] -N $_[1]`;
+ unless($? == 0) {print "ERROR: $rc\n"; exit -1};
+}
+# ==============================
+
+unless (-x $ebtables) { print "ERROR: $ebtables isn't executable\n"; exit -1; };
+$rc = `$ebtables -t filter --init-table`;
+unless($? == 0) { print "ERROR: $rc\n"; exit -1 };
+$rc = `$ebtables -t nat --init-table`;
+unless($? == 0) { print "ERROR: $rc\n"; exit -1 };
+$rc = `$ebtables -t broute --init-table`;
+unless($? == 0) { print "ERROR: $rc\n"; exit -1 };
+
+$line = 0;
+while(<>) {
+ $line++;
+ if(m/^#/) { next; };
+ if(m/^$/) { next; };
+ if(m/^\*(.*)/) {
+ $table = $1;
+ next;
+ }
+ if(m/^\:(.*?)\s(.*)/) {
+ &check_chain($table,$1);
+ $rc = `$ebtables -t $table -P $1 $2`;
+ unless($? == 0) {print "ERROR(line $line): $rc\n"; exit -1};
+ next;
+ }
+ $rc = `$ebtables -t $table $_`;
+ unless($? == 0) {print "ERROR(line $line): $rc\n"; exit -1};
+}
diff --git a/ebtables-save b/ebtables-save
new file mode 100644
index 0000000..df30790
--- /dev/null
+++ b/ebtables-save
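Review bot: Each rule line is interpolated into a backtick command (`$ebtables -t $table $_`, and likewise the `-P $1 $2` call and the `-N $_[1]` call in check_chain), so /bin/sh parses the contents of the rules file while the script runs as root, and shell metacharacters in that file are interpreted instead of being rejected by ebtables. Running ebtables through a list-form pipe open keeps the text as plain arguments; the sketch below adds a small helper and splits the rule line with `shellwords` from the core Text::ParseWords module, which needs `use Text::ParseWords qw(shellwords);` next to `use strict;`, and check_chain would call the same helper as `run_ebtables('-t', $_[0], '-N', $_[1])`. `$table` is also still undefined if a rule line appears before any `*table` line, so that case deserves an explicit error. Separately, the three `--init-table` calls run before any input is read, so a failure at line N leaves the bridge with a partly loaded ruleset; ebtables' `--atomic-file` / `--atomic-commit` options may be worth considering for an all-or-nothing load.

```perl
# Run ebtables with an argument list so no shell parses the rule text.
# Returns the command's stdout; close() leaves the exit status in $?.
sub run_ebtables {
    my $pid = open(my $out, '-|', $ebtables, @_);
    unless (defined $pid) { print "ERROR: cannot run $ebtables: $!\n"; exit -1 }
    my $text = join('', <$out>);
    close($out);
    return $text;
}

# … unchanged: init-table calls, comment / blank / "*table" handling …
    if(m/^\:(.*?)\s(.*)/) {
        &check_chain($table,$1);
        $rc = run_ebtables('-t', $table, '-P', $1, $2);
        # … unchanged: status check, next …
    }
    unless (defined $table) { print "ERROR(line $line): rule before any *table line\n"; exit -1 }
    chomp(my $rule = $_);
    $rc = run_ebtables('-t', $table, shellwords($rule));
```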
@@ -0,0 +1,53 @@
+#!/usr/bin/perl -w
+#
+#
+# A script that generates text output of the ebtables rules.
+# Similar to iptables-save.
+#
+# It can be used to store active configuration to /etc/sysconfig/ebtables
+
+use strict;
+my $table;
+
+# ========================================================
+# Process filter table
+# ========================================================
+sub process_table {
+ my $chain = "";
+ my $rules = "";
+ my $chains = "";
+ my $line = "";
+
+ foreach $line (split("\n",$_[0])) {
+ if ($line =~ m/Bridge table: (.*)/) {
+ print "*$1\n";
+ next;
+ }
+ if ($line =~ m/Bridge chain: (.*?), entries:.* policy: (.*)/) {
+ $chains = $chains . ":$1 $2\n";
+ $chain = $1;
+ next;
+ }
+ if ($line =~ m/^$/) {
+ next;
+ }
+ $rules = $rules . "-A $chain $line\n";
+ }
+
+ print $chains;
+ print $rules;
+ print "\n";
+}
+# ========================================================
+
+unless (-x "/sbin/ebtables") { exit -1 };
+$table =`/sbin/ebtables -t filter -L`;
+unless ($? == 0) { print $table; exit -1 };
+&process_table($table);
+$table =`/sbin/ebtables -t nat -L`;
+unless ($? == 0) { print $table; exit -1 };
+&process_table($table);
+$table =`/sbin/ebtables -t broute -L`;
+unless ($? == 0) { print $table; exit -1 };
+&process_table($table);
+
-- cgit v1.2.3
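Review bot: A failing `ebtables -L` is handled with `print $table; exit -1`, which writes to stdout, so when the output is redirected to /etc/sysconfig/ebtables whatever the failed command printed, plus any tables already emitted, lands in the saved file, and a later ebtables-restore would reset the live tables and load that partial ruleset. Collecting the three listings first and printing only after all of them succeed avoids the truncated file, and failures belong on stderr, e.g. `unless ($? == 0) { print STDERR $table; exit 1 }`. The `-x` check at the top exits without any message; `print STDERR "ERROR: /sbin/ebtables isn't executable\n"` would match what ebtables-restore reports. The header patterns in process_table are unanchored, so anchoring them (`m/^Bridge table: (.*)/`, `m/^Bridge chain: .../`) keeps a rule line that happens to contain that text from being read as a table or chain header.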