ebtables-restore


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118

#!/usr/bin/perl -w
#
#
# A script that imports text ebtables rules. Similar to iptables-restore.
# It can be used to restore configuration from /etc/sysconfig/ebtables.
#

use strict;
my $ebtables = "__EXEC_PATH__/ebtables";
my $table = "";
my $rc;
my $child;
my $line;

# ==============================
# Check table
# Creates user chains.
# ==============================
sub check_chain {
    if ($table eq "filter") {
        if ($_[1] eq "INPUT") { return; }
        if ($_[1] eq "FORWARD") { return; }
        if ($_[1] eq "OUTPUT") { return; }
    }
    if ($table eq "nat") {
        if ($_[1] eq "PREROUTING") { return; }
        if ($_[1] eq "POSTROUTING") { return; }
        if ($_[1] eq "OUTPUT") { return; }
    }
    if ($table eq "broute") {
        if ($_[1] eq "BROUTING") { return; }
    }
    $rc = `$ebtables -t $_[0] -N $_[1]`;
    unless($? == 0) {print "ERROR: $rc\n"; exit -1};
}
# ==============================

if (-x "__EXEC_PATH__/ebtablesd" && -x "__EXEC_PATH__/ebtablesu") {
    `killall ebtablesd 2>/dev/null`;
    $child = fork();
    if ($child == 0) {
        $rc = `__EXEC_PATH__/ebtablesd`;
	if (!($rc eq "")) {
            exit -1;
        }
        exit 0;
    }
    $ebtables = "__EXEC_PATH__/ebtablesu";
    while (!(-e "__PIPE__")) {
        if ((kill 0) < $child) {
            exit -1;
        }
    }
} else {
    unless (-x $ebtables) { print "ERROR: $ebtables isn't executable\n"; exit -1; };
}

$line = 0;
while(<>) {
    $line++;
    if(m/^#/) { next; };
    if(m/^$/) { next; };
    if ($ebtables eq "__EXEC_PATH__/ebtablesu") {
        if ((kill 0) < $child) {
            exit -1;
        }
    }
    if(m/^\*(.*)/) {
        if (!($table eq "")) {
            if (!defined($ENV{'EBTABLES_SAVE_COUNTER'}) || !($ENV{'EBTABLES_SAVE_COUNTER'} eq "yes")) {
                $rc = `$ebtables -t $table -Z`;
                unless($? == 0) {print "ERROR: $rc\n"; exit -1};
            }
            if ($ebtables eq "__EXEC_PATH__/ebtablesu") {
                $rc = `$ebtables commit $table`;
                $rc = `$ebtables free $table`;
                unless($? == 0) {print "ERROR: $rc\n"; exit -1};
           }
        }
        $table = $1;
        if ($ebtables eq "__EXEC_PATH__/ebtablesu") {
            $rc = `$ebtables open $table`;
            unless($? == 0) {print "ERROR: $rc\n"; exit -1};
            $rc = `$ebtables -F`;
            unless($? == 0) {print "ERROR: $rc\n"; exit -1};
        } else {
            $rc = `$ebtables -t filter --init-table`;
            unless($? == 0) {print "ERROR: $rc\n"; exit -1};
        }
        next;
    }
    if(m/^\:(.*?)\s(.*)/) {
        &check_chain($table,$1);
        $rc = `$ebtables -t $table -P $1 $2`;
        unless($? == 0) {print "ERROR(line $line): $rc\n"; exit -1};
        next;
    }
    $rc = `$ebtables -t $table $_`;
    unless($? == 0) {print "ERROR(line $line): $rc\n"; exit -1};
}

if (!($table eq "")) {
    if (!defined($ENV{'EBTABLES_SAVE_COUNTER'}) || !($ENV{'EBTABLES_SAVE_COUNTER'} eq "yes")) {
        $rc = `$ebtables -t $table -Z`;
        unless($? == 0) {print "ERROR: '-t $table -Z' failed\n"; exit -1};
    }
    if ($ebtables eq "__EXEC_PATH__/ebtablesu") {
        $rc = `$ebtables commit $table`;
        unless($? == 0) {print "ERROR: $rc\n"; exit -1};
    }
}

if ($ebtables eq "__EXEC_PATH__/ebtablesu") {
    $rc = `$ebtables quit`;
    unless($? == 0) {print "ERROR: $rc\n"; exit -1};
    waitpid($child,0);
    exit 0;
}