| #!/usr/bin/perl -w |
| # |
| # |
| # A script that imports text ebtables rules. Similar to iptables-restore. |
| # It can be used to restore configuration from /etc/sysconfig/ebtables. |
| # |
| |
| use strict; |
| my $ebtables = "__EXEC_PATH__/ebtables"; |
| my $table = ""; |
| my $rc; |
| my $child; |
| my $line; |
| |
| # ============================== |
| # Check table |
| # Creates user chains. |
| # ============================== |
| sub check_chain { |
| if ($table eq "filter") { |
| if ($_[1] eq "INPUT") { return; } |
| if ($_[1] eq "FORWARD") { return; } |
| if ($_[1] eq "OUTPUT") { return; } |
| } |
| if ($table eq "nat") { |
| if ($_[1] eq "PREROUTING") { return; } |
| if ($_[1] eq "POSTROUTING") { return; } |
| if ($_[1] eq "OUTPUT") { return; } |
| } |
| if ($table eq "broute") { |
| if ($_[1] eq "BROUTING") { return; } |
| } |
| $rc = `$ebtables -t $_[0] -N $_[1]`; |
| unless($? == 0) {print "ERROR: $rc\n"; exit -1}; |
| } |
| # ============================== |
| |
| if (-x "__EXEC_PATH__/ebtablesd" && -x "__EXEC_PATH__/ebtablesu") { |
| `killall ebtablesd 2>/dev/null`; |
| $child = fork(); |
| if ($child == 0) { |
| $rc = `__EXEC_PATH__/ebtablesd`; |
| if (!($rc eq "")) { |
| exit -1; |
| } |
| exit 0; |
| } |
| $ebtables = "__EXEC_PATH__/ebtablesu"; |
| while (!(-e "__PIPE__")) { |
| if ((kill 0) < $child) { |
| exit -1; |
| } |
| } |
| } else { |
| unless (-x $ebtables) { print "ERROR: $ebtables isn't executable\n"; exit -1; }; |
| } |
| |
| $line = 0; |
| while(<>) { |
| $line++; |
| if(m/^#/) { next; }; |
| if(m/^$/) { next; }; |
| if ($ebtables eq "__EXEC_PATH__/ebtablesu") { |
| if ((kill 0) < $child) { |
| exit -1; |
| } |
| } |
| if(m/^\*(.*)/) { |
| if (!($table eq "")) { |
| if (!defined($ENV{'EBTABLES_SAVE_COUNTER'}) || !($ENV{'EBTABLES_SAVE_COUNTER'} eq "yes")) { |
| $rc = `$ebtables -t $table -Z`; |
| unless($? == 0) {print "ERROR: $rc\n"; exit -1}; |
| } |
| if ($ebtables eq "__EXEC_PATH__/ebtablesu") { |
| $rc = `$ebtables commit $table`; |
| $rc = `$ebtables free $table`; |
| unless($? == 0) {print "ERROR: $rc\n"; exit -1}; |
| } |
| } |
| $table = $1; |
| if ($ebtables eq "__EXEC_PATH__/ebtablesu") { |
| $rc = `$ebtables open $table`; |
| unless($? == 0) {print "ERROR: $rc\n"; exit -1}; |
| $rc = `$ebtables -F`; |
| unless($? == 0) {print "ERROR: $rc\n"; exit -1}; |
| } else { |
| $rc = `$ebtables -t filter --init-table`; |
| unless($? == 0) {print "ERROR: $rc\n"; exit -1}; |
| } |
| next; |
| } |
| if(m/^\:(.*?)\s(.*)/) { |
| &check_chain($table,$1); |
| $rc = `$ebtables -t $table -P $1 $2`; |
| unless($? == 0) {print "ERROR(line $line): $rc\n"; exit -1}; |
| next; |
| } |
| $rc = `$ebtables -t $table $_`; |
| unless($? == 0) {print "ERROR(line $line): $rc\n"; exit -1}; |
| } |
| |
| if (!($table eq "")) { |
| if (!defined($ENV{'EBTABLES_SAVE_COUNTER'}) || !($ENV{'EBTABLES_SAVE_COUNTER'} eq "yes")) { |
| $rc = `$ebtables -t $table -Z`; |
| unless($? == 0) {print "ERROR: '-t $table -Z' failed\n"; exit -1}; |
| } |
| if ($ebtables eq "__EXEC_PATH__/ebtablesu") { |
| $rc = `$ebtables commit $table`; |
| unless($? == 0) {print "ERROR: $rc\n"; exit -1}; |
| } |
| } |
| |
| if ($ebtables eq "__EXEC_PATH__/ebtablesu") { |
| $rc = `$ebtables quit`; |
| unless($? == 0) {print "ERROR: $rc\n"; exit -1}; |
| waitpid($child,0); |
| exit 0; |
| } |