Rok Papez <rok.papez_at_ames.si>

diff --git a/ebtables-restore b/ebtables-restore
new file mode 100644 (file)
index 0000000..171a80c
--- /dev/null
+++ b/ebtables-restore
@@ -0,0 +1,62 @@
+#!/usr/bin/perl -w
+#
+#
+# A script that imports text ebtables rules. Similar to iptables-restore.
+# It can be used to restore configuration from /etc/sysconfig/ebtables.
+#
+
+use strict;
+my $ebtables = "/sbin/ebtables";
+my $table;
+my $rc;
+my $line;
+
+# ==============================
+# Check table
+# Creates user chains.
+# ==============================
+sub check_chain {
+       if ($table eq "filter") {
+               if ($_[1] eq "INPUT") { return; }
+               if ($_[1] eq "FORWARD") { return; }
+               if ($_[1] eq "OUTPUT") { return; }
+       }
+       if ($table eq "nat") {
+               if ($_[1] eq "PREROUTING") { return; }
+               if ($_[1] eq "POSTROUTING") { return; }
+               if ($_[1] eq "OUTPUT") { return; }
+       }
+       if ($table eq "broute") {
+               if ($_[1] eq "BROUTING") { return; }
+       }
+       $rc = `$ebtables -t $_[0] -N $_[1]`;
+        unless($? == 0) {print "ERROR: $rc\n"; exit -1};
+}
+# ==============================
+
+unless (-x $ebtables) { print "ERROR: $ebtables isn't executable\n"; exit -1; };
+$rc = `$ebtables -t filter --init-table`;
+unless($? == 0) { print "ERROR: $rc\n"; exit -1 };
+$rc = `$ebtables -t nat --init-table`;
+unless($? == 0) { print "ERROR: $rc\n"; exit -1 };
+$rc = `$ebtables -t broute --init-table`;
+unless($? == 0) { print "ERROR: $rc\n"; exit -1 };
+
+$line = 0;
+while(<>) {
+    $line++;
+    if(m/^#/) { next; };
+    if(m/^$/) { next; };
+    if(m/^\*(.*)/) {
+        $table = $1;
+        next;
+    }
+    if(m/^\:(.*?)\s(.*)/) {
+       &check_chain($table,$1);
+        $rc = `$ebtables -t $table -P $1 $2`;
+        unless($? == 0) {print "ERROR(line $line): $rc\n"; exit -1};
+        next;
+    }
+    $rc = `$ebtables -t $table $_`;
+    unless($? == 0) {print "ERROR(line $line): $rc\n"; exit -1};
+}

diff --git a/ebtables-save b/ebtables-save
new file mode 100644 (file)
index 0000000..df30790
--- /dev/null
+++ b/ebtables-save
@@ -0,0 +1,53 @@
+#!/usr/bin/perl -w
+#
+#
+# A script that generates text output of the ebtables rules.
+# Similar to iptables-save.
+#
+# It can be used to store active configuration to /etc/sysconfig/ebtables
+
+use strict;
+my $table;
+
+# ========================================================
+# Process filter table
+# ========================================================
+sub process_table {
+    my $chain = "";
+    my $rules = "";
+    my $chains = "";
+    my $line = "";
+
+    foreach $line (split("\n",$_[0])) {
+        if ($line =~ m/Bridge table: (.*)/) {
+            print "*$1\n";
+            next;
+        }
+        if ($line =~ m/Bridge chain: (.*?), entries:.* policy: (.*)/) {
+            $chains = $chains . ":$1 $2\n";
+            $chain = $1;
+            next;
+        }
+        if ($line =~ m/^$/) {
+            next;
+        }
+        $rules = $rules . "-A $chain $line\n";
+    }
+
+    print $chains;
+    print $rules;
+    print "\n";
+}
+# ========================================================
+
+unless (-x "/sbin/ebtables") { exit -1 };
+$table =`/sbin/ebtables -t filter -L`;
+unless ($? == 0) { print $table; exit -1 };
+&process_table($table);
+$table =`/sbin/ebtables -t nat -L`;
+unless ($? == 0) { print $table; exit -1 };
+&process_table($table);
+$table =`/sbin/ebtables -t broute -L`;
+unless ($? == 0) { print $table; exit -1 };
+&process_table($table);
+