#!/usr/bin/perl -w
#
#
# A script that imports text ebtables rules. Similar to iptables-restore.
# It can be used to restore configuration from /etc/sysconfig/ebtables.
#

use strict;
use POSIX ":sys_wait_h";
# Program used to apply each rule.  Starts as the plain ebtables binary and
# is switched to ebtablesu further down when the ebtablesd/ebtablesu pair
# is installed.  __EXEC_PATH__ is a placeholder substituted before use.
my $ebtables = "__EXEC_PATH__/ebtables";

# Table currently being restored; stays "" until the first "*table" line.
my $table = "";

# $rc    - captured standard output of the most recent command
# $child - value returned by fork() when the daemon is started
# $line  - input line counter, reported in error messages
my ($rc, $child, $line);

# ==============================
# Check table
# Creates user chains.
# ==============================
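# check_chain(TABLE, CHAIN)
#
# Creates CHAIN in TABLE with "-N" unless CHAIN is one of the built-in
# chains of that table.  On failure the command output is printed and the
# script exits with -1.  The command output is left in the file-level $rc.
#
# The built-in test uses the TABLE argument, i.e. the same table the
# command is run against, instead of the file-level $table.
#
# NOTE: TABLE and CHAIN come from the rules file and are interpolated into
# a command string that the shell parses.  The rules file therefore has to
# be as trusted as the account running this script.
sub check_chain {
    my ($tbl, $chain) = @_;

    my %builtin_chains = (
        filter => [ "INPUT", "FORWARD", "OUTPUT" ],
        nat    => [ "PREROUTING", "POSTROUTING", "OUTPUT" ],
        broute => [ "BROUTING" ],
    );

    # Built-in chains always exist; there is nothing to create.
    if (exists $builtin_chains{$tbl}) {
        foreach my $name (@{ $builtin_chains{$tbl} }) {
            return if $chain eq $name;
        }
    }

    $rc = `$ebtables -t $tbl -N $chain`;
    unless ($? == 0) { print "ERROR: $rc\n"; exit -1; }
    return;
}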
# ==============================

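# Choose how rules are applied.  When both ebtablesd and ebtablesu are
# installed, start the daemon in a forked child and send every command
# through ebtablesu; otherwise fall back to the plain ebtables binary.
if (-x "__EXEC_PATH__/ebtablesd" && -x "__EXEC_PATH__/ebtablesu") {
    # Stop any daemon left over from an earlier run.  killall is named
    # without a path, so the shell resolves it through PATH.
    `killall ebtablesd 2>/dev/null`;

    $child = fork();
    # fork() returns undef on failure.  undef compares equal to 0, so
    # without this check the only process would take the child branch
    # below and no rules would be restored.
    unless (defined $child) {
        print "ERROR: fork failed: $!\n";
        exit -1;
    }

    if ($child == 0) {
        # Child: run the daemon and turn any output into a failure status.
        $rc = `__EXEC_PATH__/ebtablesd`;
        if (!($rc eq "")) {
            exit -1;
        }
        exit 0;
    }

    $ebtables = "__EXEC_PATH__/ebtablesu";

    # Parent: wait until the daemon's pipe exists.  waitpid() with WNOHANG
    # returns 0 only while the child is still running, so any other value
    # means the daemon is gone and waiting would never end.  (kill with a
    # signal but no process id signals nothing and always returns 0, so it
    # cannot be used for this test.)
    while (!(-e "__PIPE__")) {
        if (waitpid($child, WNOHANG) != 0) {
            exit -1;
        }
        # Short pause so the wait does not spin on the CPU.
        select(undef, undef, undef, 0.1);
    }
} else {
    unless (-x $ebtables) { print "ERROR: $ebtables isn't executable\n"; exit -1; }
}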
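# Main loop: read the rules text from the files named on the command line
# (or standard input) and apply it line by line.
#
#   # ...            comment, skipped
#   (empty line)     skipped
#   *TABLE           finish the previous table, then start TABLE
#   :CHAIN POLICY    create CHAIN if it is user-defined, then set its policy
#   anything else    passed to ebtables as the arguments of one rule command
#
# NOTE: every line is interpolated into a command string that the shell
# parses, so the rules file carries the authority of the account running
# this script.  Keep it writable by that account only.
$line = 0;
while (<>) {
    $line++;
    next if m/^#/;
    next if m/^$/;

    # In daemon mode, stop as soon as the daemon child has exited:
    # waitpid() with WNOHANG returns 0 only while it is still running.
    if ($ebtables eq "__EXEC_PATH__/ebtablesu") {
        if (waitpid($child, WNOHANG) != 0) {
            exit -1;
        }
    }

    if (m/^\*(.*)/) {
        my $next_table = $1;

        # Finish the table that was being restored.
        if (!($table eq "")) {
            # Counters are zeroed unless EBTABLES_SAVE_COUNTER is "yes".
            if (!defined($ENV{'EBTABLES_SAVE_COUNTER'}) || !($ENV{'EBTABLES_SAVE_COUNTER'} eq "yes")) {
                $rc = `$ebtables -t $table -Z`;
                unless ($? == 0) { print "ERROR: $rc\n"; exit -1; }
            }
            if ($ebtables eq "__EXEC_PATH__/ebtablesu") {
                # Check the commit on its own: its status would otherwise
                # be overwritten by the "free" that follows, and a table
                # that was never committed would go unnoticed.
                $rc = `$ebtables commit $table`;
                unless ($? == 0) { print "ERROR: $rc\n"; exit -1; }
                $rc = `$ebtables free $table`;
                unless ($? == 0) { print "ERROR: $rc\n"; exit -1; }
            }
        }

        $table = $next_table;
        if ($ebtables eq "__EXEC_PATH__/ebtablesu") {
            $rc = `$ebtables open $table`;
            unless ($? == 0) { print "ERROR: $rc\n"; exit -1; }
            $rc = `$ebtables -F`;
            unless ($? == 0) { print "ERROR: $rc\n"; exit -1; }
        } else {
            # Reset the table that is about to be restored.  A fixed
            # "-t filter" here would reset the filter table at every
            # table header and discard filter rules already restored.
            $rc = `$ebtables -t $table --init-table`;
            unless ($? == 0) { print "ERROR: $rc\n"; exit -1; }
        }
        next;
    }

    if (m/^\:(.*?)\s(.*)/) {
        my ($chain, $policy) = ($1, $2);
        check_chain($table, $chain);
        $rc = `$ebtables -t $table -P $chain $policy`;
        unless ($? == 0) { print "ERROR(line $line): $rc\n"; exit -1; }
        next;
    }

    # Ordinary rule line: the whole line becomes the command arguments.
    $rc = `$ebtables -t $table $_`;
    unless ($? == 0) { print "ERROR(line $line): $rc\n"; exit -1; }
}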
# Finish the last table read from the input, if there was one.
unless ($table eq "") {
    # Counters are kept only when EBTABLES_SAVE_COUNTER is set to "yes".
    my $keep_counters = defined($ENV{'EBTABLES_SAVE_COUNTER'})
        && $ENV{'EBTABLES_SAVE_COUNTER'} eq "yes";

    unless ($keep_counters) {
        $rc = `$ebtables -t $table -Z`;
        if ($? != 0) {
            print "ERROR: '-t $table -Z' failed\n";
            exit -1;
        }
    }

    # In daemon mode the table has to be committed before it takes effect.
    if ($ebtables eq "__EXEC_PATH__/ebtablesu") {
        $rc = `$ebtables commit $table`;
        if ($? != 0) {
            print "ERROR: $rc\n";
            exit -1;
        }
    }
}
# Daemon mode only: send "quit", then wait for the forked child so that
# it is reaped before this script exits.
if ($ebtables eq "__EXEC_PATH__/ebtablesu") {
    $rc = `$ebtables quit`;
    if ($? != 0) {
        print "ERROR: $rc\n";
        exit -1;
    }
    waitpid($child, 0);
    exit 0;
}