Diffstat (limited to 'meta-networking/recipes-filter/ebtables/ebtables-2.0.10-4/ebtables.common')
-rw-r--r-- | meta-networking/recipes-filter/ebtables/ebtables-2.0.10-4/ebtables.common | 163 |
1 files changed, 163 insertions, 0 deletions
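diff --git a/meta-networking/recipes-filter/ebtables/ebtables-2.0.10-4/ebtables.common b/meta-networking/recipes-filter/ebtables/ebtables-2.0.10-4/ebtables.common
new file mode 100644
index 000000000..640025dba
--- /dev/null
+++ b/meta-networking/recipes-filter/ebtables/ebtables-2.0.10-4/ebtables.common
@@ -0,0 +1,163 @@
+#!/bin/sh
+
+[ -x /sbin/ebtables ] || exit 1
+
+EBTABLES_DUMPFILE_STEM=/etc/ebtables/dump
+
+RETVAL=0
+prog="ebtables"
+desc="Ethernet bridge filtering"
+umask 0077
+
+#default configuration
+EBTABLES_MODULES_UNLOAD="yes"
+EBTABLES_LOAD_ON_START="no"
+EBTABLES_SAVE_ON_STOP="no"
+EBTABLES_SAVE_ON_RESTART="no"
+EBTABLES_SAVE_COUNTER="no"
+EBTABLES_BACKUP_SUFFIX="~"
+
+config=/etc/default/$prog
+[ -f "$config" ] && . "$config"
+
+function get_supported_tables() {
+EBTABLES_SUPPORTED_TABLES=
+/sbin/ebtables -t filter -L 2>&1 1>/dev/null | grep -q permission
+if [ $? -eq 0 ]; then
+echo "Error: insufficient privileges to access the ebtables rulesets."
+exit 1
+fi
+for table in filter nat broute; do
+/sbin/ebtables -t $table -L &> /dev/null
+if [ $? -eq 0 ]; then
+EBTABLES_SUPPORTED_TABLES="${EBTABLES_SUPPORTED_TABLES} $table"
+fi
+done
+}
+
+function load() {
+RETVAL=0
+get_supported_tables
+echo -n "Restoring ebtables rulesets: "
+for table in $EBTABLES_SUPPORTED_TABLES; do
+echo -n "$table "
+if [ -s ${EBTABLES_DUMPFILE_STEM}.$table ]; then
+/sbin/ebtables -t $table --atomic-file ${EBTABLES_DUMPFILE_STEM}.$table --atomic-commit
+RET=$?
+if [ $RET -ne 0 ]; then
+echo -n "(failed) "
+RETVAL=$RET
+fi
+else
+echo -n "(no saved state) "
+fi
+done
+if [ -z "$EBTABLES_SUPPORTED_TABLES" ]; then
+echo -n "no kernel support. "
+else
+echo -n "done. "
+fi
+if [ $RETVAL -eq 0 ]; then
+echo "ok"
+else
+echo "fail"
+fi
+}
+
+function clear() {
+RETVAL=0
+get_supported_tables
+echo -n "Clearing ebtables rulesets: "
+for table in $EBTABLES_SUPPORTED_TABLES; do
+echo -n "$table "
+/sbin/ebtables -t $table --init-table
+done
+
+if [ "$EBTABLES_MODULES_UNLOAD" = "yes" ]; then
+for mod in $(grep -E '^(ebt|ebtable)_' /proc/modules | cut -d' ' -f1) ebtables; do
+rmmod $mod 2> /dev/null
+done
+fi
+if [ -z "$EBTABLES_SUPPORTED_TABLES" ]; then
+echo -n "no kernel support. "
+else
+echo -n "done. "
+fi
+if [ $RETVAL -eq 0 ]; then
+echo "ok"
+else
+echo "fail"
+fi
+}
+
+function save() {
+RETVAL=0
+get_supported_tables
+echo -n "Saving ebtables rulesets: "
+for table in $EBTABLES_SUPPORTED_TABLES; do
+echo -n "$table "
+[ -n "$EBTABLES_BACKUP_SUFFIX" ] && [ -s ${EBTABLES_DUMPFILE_STEM}.$table ] && \
+mv ${EBTABLES_DUMPFILE_STEM}.$table ${EBTABLES_DUMPFILE_STEM}.$table$EBTABLES_BACKUP_SUFFIX
+/sbin/ebtables -t $table --atomic-file ${EBTABLES_DUMPFILE_STEM}.$table --atomic-save
+RET=$?
+if [ $RET -ne 0 ]; then
+echo -n "(failed) "
+RETVAL=$RET
+else
+if [ "$EBTABLES_SAVE_COUNTER" = "no" ]; then
+/sbin/ebtables -t $table --atomic-file ${EBTABLES_DUMPFILE_STEM}.$table -Z
+fi
+fi
+done
+if [ -z "$EBTABLES_SUPPORTED_TABLES" ]; then
+echo -n "no kernel support. "
+else
+echo -n "done. "
+fi
+if [ $RETVAL -eq 0 ]; then
+echo "ok"
+else
+echo "fail"
+fi
+}
+
+case "$1" in
+start)
+[ "$EBTABLES_LOAD_ON_START" = "yes" ] && load
+;;
+stop)
+[ "$EBTABLES_SAVE_ON_STOP" = "yes" ] && save
+clear
+;;
+restart|reload|force-reload)
+[ "$EBTABLES_SAVE_ON_RESTART" = "yes" ] && save
+clear
+[ "$EBTABLES_LOAD_ON_START" = "yes" ] && load
+;;
+load)
+load
+;;
+save)
+save
+;;
+status)
+get_supported_tables
+if [ -z "$EBTABLES_SUPPORTED_TABLES" ]; then
+echo "No kernel support for ebtables."
+RETVAL=1
+else
+echo -n "Ebtables support available, number of installed rules: "
+for table in $EBTABLES_SUPPORTED_TABLES; do
+COUNT=$(( $(/sbin/ebtables -t $table -L | sed -e "/^Bridge chain/! d" -e "s/^.*entries: //" -e "s/,.*$/ +/") 0 ))
+echo -n "$table($COUNT) "
+done
+echo ok
+RETVAL=0
+fi
+;;
+*)
+echo "Usage: $0 {start|stop|restart|reload|force-reload|load|save|status}" >&2
+RETVAL=1
+esac
+
+exit $RETVAL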
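Review bot: In `save()` the existing dump is renamed to the backup suffix before `--atomic-save` runs, so a failed save leaves no `${EBTABLES_DUMPFILE_STEM}.$table` behind. `load()` treats a missing or empty dump as "(no saved state)" without touching RETVAL, so the next start prints "ok" and the bridge comes up with no rules restored. I would save into a scratch file next to the dump and only rotate the backup and rename once ebtables has succeeded, quoting the expansions while at it; the rewritten loop is below.

```shell
for table in $EBTABLES_SUPPORTED_TABLES; do
    # … unchanged: echo -n "$table " …
    dump="${EBTABLES_DUMPFILE_STEM}.$table"
    # Save to a scratch file first so a failed save never removes the last good dump.
    /sbin/ebtables -t "$table" --atomic-file "$dump.new" --atomic-save
    RET=$?
    if [ $RET -ne 0 ]; then
        rm -f "$dump.new"
        echo -n "(failed) "
        RETVAL=$RET
        continue
    fi
    if [ "$EBTABLES_SAVE_COUNTER" = "no" ]; then
        /sbin/ebtables -t "$table" --atomic-file "$dump.new" -Z
    fi
    # Rotate the previous dump only now that a complete replacement exists.
    [ -n "$EBTABLES_BACKUP_SUFFIX" ] && [ -s "$dump" ] && \
        mv "$dump" "$dump$EBTABLES_BACKUP_SUFFIX"
    mv "$dump.new" "$dump"
done
# … unchanged: summary output …
```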