#!/usr/bin/perl -w
# Restores arptables rules from a text dump; the arptables counterpart of
# iptables-restore.

use strict;

# Path of the arptables binary that every command below is run through.
# NOTE(review): "__EXEC_PATH__" looks like a placeholder substituted when the
# script is installed -- confirm against the build files.
my $tool = "__EXEC_PATH__/arptables";

# Script-wide scratch state:
#   $table - table named by the most recent "*TABLE" input line
#   $rc    - output captured from the most recent arptables invocation
#   $line  - number of the input line being processed (used in error messages)
my ($table, $rc, $line);
| |
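# ==============================
# clear_arptables
# - sets the policy of INPUT, FORWARD and OUTPUT to ACCEPT
# - flushes all chains
# - removes every user-defined chain reported by "arptables -L"
#
# Takes no arguments and returns nothing useful.  On the first failing
# arptables call it prints "ERROR: <output>" and exits with status -1.
#
# Every call goes through list-form pipe open, so no shell is involved:
# a chain name read back from "arptables -L" reaches "-X" as exactly one
# argument and cannot be interpreted as shell syntax.
# ==============================
sub clear_arptables {
    # Run $tool with the given argument list, return its captured stdout,
    # and abort the script if it cannot be started or exits non-zero.
    my $run = sub {
        my @args = @_;

        my $pid = open(my $out, '-|', $tool, @args);
        unless (defined $pid) { print "ERROR: cannot run $tool: $!\n"; exit -1; }

        my $output = do { local $/; <$out> };
        $output = '' unless defined $output;

        close($out);    # waits for the child and sets $?
        unless ($? == 0) { print "ERROR: $output\n"; exit -1; }

        return $output;
    };

    # Open up the built-in chains before flushing, so nothing is dropped
    # while the rules are being removed.
    foreach my $builtin (qw(INPUT FORWARD OUTPUT)) {
        $rc = $run->('-P', $builtin, 'ACCEPT');
    }

    $rc = $run->('-F');

    # User-defined chains are listed as "Chain NAME (N references)";
    # built-in chains do not carry the "references" suffix and are skipped.
    my $listing = $run->('-L');
    foreach my $entry (split("\n", $listing)) {
        next unless $entry =~ m/Chain\s(.*?)\s\(.*references\)/;
        $rc = $run->('-X', $1);
    }
}
# ==============================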
| |
| |
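# ------------------------------------------------------------------
# Main: reset the current ruleset, then replay the rules read from the
# files named on the command line (or from STDIN).
#
# Input is handled one line at a time:
#   #...            comment, skipped
#   (empty line)    skipped
#   *TABLE          selects the table used for the following lines
#   :CHAIN -        creates the user-defined chain CHAIN
#   :CHAIN POLICY   sets the policy of a built-in chain
#   anything else   is passed to arptables as rule arguments
#
# Security: each input line ends up on the arptables command line.  The
# original built a shell command string from it, so a line containing
# `;`, `$(...)`, backticks or redirections would have been executed by
# the shell.  Here the line is only split into words (quotes and
# backslashes are honoured) and the words are passed to arptables
# directly, without a shell.
# ------------------------------------------------------------------
use Text::ParseWords qw(shellwords);

# run_arptables($argument_string)
#   Splits $argument_string into words and runs $tool with them.
#   Returns ($status, $output): $status is 0 on success, otherwise the
#   value of $? (or -1 when the arguments could not be parsed or the tool
#   could not be started); $output is the captured stdout or a short
#   description of the failure.
sub run_arptables {
    my ($argument_string) = @_;

    # shellwords returns an empty list when quotes are unbalanced.
    my @args = shellwords($argument_string);
    unless (@args) { return (-1, "cannot parse arguments: $argument_string"); }

    my $pid = open(my $out, '-|', $tool, @args);
    unless (defined $pid) { return (-1, "cannot run $tool: $!"); }

    my $output = do { local $/; <$out> };
    $output = '' unless defined $output;

    close($out);    # waits for the child and sets $?
    return ($?, $output);
}

unless (-x $tool) { print "ERROR: $tool isn't executable\n"; exit -1; }
clear_arptables();

$line = 0;
while (my $entry = <>) {
    $line++;
    next if $entry =~ m/^#/;
    next if $entry =~ m/^$/;

    # "*TABLE" switches the table for everything that follows.
    if ($entry =~ m/^\*(.*)/) {
        $table = $1;
        next;
    }

    # Without a table the command line would be malformed; fail with a
    # clear message instead of letting arptables misread the arguments.
    unless (defined $table) {
        print "ERROR(line $line): no table selected (expected a *TABLE line first)\n";
        exit -1;
    }

    my $arguments;
    if ($entry =~ m/^\:(.*?)\s(.*)/) {
        # Chain directive: "-" marks a user-defined chain to create,
        # anything else is the policy of a built-in chain.
        my ($chain, $policy) = ($1, $2);
        $arguments = ($policy eq "-")
            ? "-t $table -N $chain"
            : "-t $table -P $chain $policy";
    }
    else {
        # Plain rule line: handed to arptables as written.
        $arguments = "-t $table $entry";
    }

    my $status;
    ($status, $rc) = run_arptables($arguments);
    unless ($status == 0) { print "ERROR(line $line): $rc\n"; exit -1; }
}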