1#!/usr/bin/perl -w 2# 3# 4# A script that generates text output of the ebtables rules. 5# Similar to iptables-save. 6# 7# It can be used to store active configuration to /etc/sysconfig/ebtables 8 9use strict; 10my $table; 11my $ebtables = "__EXEC_PATH__/ebtables"; 12my $cnt = ""; 13my $version = "1.0"; 14my $table_name; 15 16# ======================================================== 17# Process filter table 18# ======================================================== 19sub process_table { 20 my $chain = ""; 21 my $rules = ""; 22 my $chains = ""; 23 my $line = ""; 24 25 foreach $line (split("\n",$_[0])) { 26 if ($line =~ m/Bridge table: (.*)/) { 27 print "*$1\n"; 28 next; 29 } 30 if ($line =~ m/Bridge chain: (.*?), entries:.* policy: (.*)/) { 31 $chains = $chains . ":$1 $2\n"; 32 $chain = $1; 33 next; 34 } 35 if ($line =~ m/^$/) { 36 next; 37 } 38 if ($cnt eq "--Lc") { 39 $line =~ s/, pcnt = (.*) -- bcnt = (.*)/-c $1 $2/; 40 } else { 41 $line =~ s/ $//; 42 } 43 $rules = $rules . "-A $chain $line\n"; 44 } 45 46 print $chains; 47 print $rules; 48 print "\n"; 49} 50# ======================================================== 51 52unless (-x $ebtables) { exit -1 }; 53print "# Generated by ebtables-save v$version on " . `date`; 54if (defined($ENV{'EBTABLES_SAVE_COUNTER'}) && $ENV{'EBTABLES_SAVE_COUNTER'} eq "yes") { 55 $cnt = "--Lc"; 56} 57foreach $table_name (split("\n", `grep -E '^ebtable_' /proc/modules | cut -f1 -d' ' | sed s/ebtable_//`)) { 58 $table =`$ebtables -t $table_name -L $cnt`; 59 unless ($? == 0) { print $table; exit -1 }; 60 &process_table($table); 61} 62