18fd73d348
- arptables-nft-helper: Remove bashisms - ebtables-helper: Drop unused variable, add a missing quote - extensions: libxt_string: Avoid buffer size warning for strncpy() - libxtables: Introduce xtables_strdup() and use it everywhere - extensions: libebt_ip6: Use xtables_ip6parse_any() - iptables-apply: Drop unused variable - nft: Avoid buffer size warnings copying iface names - nft: Avoid memleak in error path of nft_cmd_new() - libxtables: Fix memleak in xtopt_parse_hostmask() - extensions: libebt_ip6: Drop unused variables - libxtables: Drop leftover variable in xtables_numeric_to_ip6addr() Resolves: RHBZ#1938745
#!/bin/bash
# compat for removed initscripts dependency
# Print the "[ OK ]" status tag on stdout and report success (status 0).
success() {
  printf '%s\n' "[ OK ]"
  return 0
}
# Print the "[FAILED]" status tag on stdout and report failure (status 1).
failure() {
  printf '%s\n' "[FAILED]"
  return 1
}
# Paths and the table list used by the functions below.
EBTABLES_CONFIG=/etc/sysconfig/ebtables-config
EBTABLES_DATA=/etc/sysconfig/ebtables
EBTABLES_TABLES="filter nat"
# The broute table is handled only when the installed ebtables reports
# "(legacy)" in its version string.
case "$(ebtables --version)" in
  *'(legacy)'*) EBTABLES_TABLES+=" broute" ;;
esac
# Marker file that records a completed "start".
VAR_SUBSYS_EBTABLES=/var/lock/subsys/ebtables

# Defaults for the settings the config file may override.
EBTABLES_SAVE_ON_STOP="no"
EBTABLES_SAVE_COUNTER="no"

# The config file is sourced, i.e. executed as shell code with this
# script's privileges, and it can override any variable set above.
# NOTE(review): this helper presumably runs as root, so the file should be
# owned by root and writable by nobody else - confirm in packaging.
if [ -f "$EBTABLES_CONFIG" ]; then
  . "$EBTABLES_CONFIG"
fi
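# Reset every table listed in EBTABLES_TABLES with "ebtables --init-table".
# Globals:   EBTABLES_TABLES (read) - space-separated table names
# Returns:   0 if every table was reset, 1 if at least one reset failed
initialize() {
  # "table" is local so the loop variable does not leak into the caller.
  local ret=0 table
  # Unquoted on purpose: the list is split on whitespace into table names.
  for table in $EBTABLES_TABLES; do
    # Keep going after a failure so the remaining tables are still reset;
    # the failure is remembered and reported through the return status.
    ebtables -t "$table" --init-table || ret=1
  done
  return "$ret"
}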
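# Filter a saved ruleset so that only sections for known tables remain.
# A line starting with "*" opens a table section; the section is dropped
# when its table name is not listed in EBTABLES_TABLES. Lines that appear
# before the first "*" header are passed through.
# Globals:   EBTABLES_TABLES (read, exported)
# Arguments: $1 - path of the dump file to filter
# Outputs:   the filtered dump on stdout
# Returns:   non-zero if the dump file cannot be opened
sanitize_dump() {
  local drop=false found line t table

  export EBTABLES_TABLES

  # The filter must not alter the rules it passes on: "read -r" keeps
  # backslashes intact, and the "|| [ -n ... ]" keeps a final line that
  # has no trailing newline instead of silently losing that rule.
  while read -r line || [ -n "$line" ]; do
    case $line in
      \**)
        table="${line#\*}"
        found=false
        for t in $EBTABLES_TABLES; do
          if [[ $t == "$table" ]]; then
            found=true
            break
          fi
        done
        if $found; then
          drop=false
        else
          drop=true
        fi
        ;;
    esac
    # printf instead of echo: a line such as "-n" is printed, not parsed
    # as an option.
    $drop || printf '%s\n' "$line"
  done <"$1"
}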
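# Load the stored ruleset, or reset the tables when none is stored.
# Globals:   EBTABLES_DATA (read), VAR_SUBSYS_EBTABLES (read)
# Outputs:   a progress message on stdout (no trailing newline)
# Returns:   the status of ebtables-restore or of initialize
start() {
  local ret
  if [ -f "$EBTABLES_DATA" ]; then
    echo -n $"ebtables: loading ruleset from $EBTABLES_DATA: "
    # Status of the pipeline is that of ebtables-restore.
    sanitize_dump "$EBTABLES_DATA" | ebtables-restore
    ret=$?
  else
    echo -n $"ebtables: no stored ruleset, initializing empty tables: "
    initialize
    ret=$?
  fi
  # Create the marker only after a successful load. The "start" action
  # exits 0 without doing anything when the marker exists, so a marker left
  # behind by a failed load would make every retry report success while the
  # ruleset is not in place.
  if [ "$ret" -eq 0 ]; then
    touch -- "$VAR_SUBSYS_EBTABLES"
  fi
  return "$ret"
}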
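# Write the active ruleset to EBTABLES_DATA.
# Globals:   EBTABLES_DATA (read), EBTABLES_SAVE_COUNTER (read, exported)
# Outputs:   a progress message and the status tag on stdout
# Returns:   0 when the ruleset was stored, 1 otherwise
save() {
  local tmp
  echo -n $"ebtables: saving active ruleset to $EBTABLES_DATA: "
  export EBTABLES_SAVE_COUNTER
  # Write to a temporary file next to the target and rename it into place.
  # Redirecting straight into EBTABLES_DATA would truncate the stored
  # ruleset before ebtables-save has produced anything, so a failed save
  # would leave an empty file for the next start to load.
  # The new file keeps the owner-only mode that mktemp creates it with.
  if ! tmp=$(mktemp "${EBTABLES_DATA}.XXXXXX"); then
    failure
    return
  fi
  if ebtables-save >"$tmp" && mv -f -- "$tmp" "$EBTABLES_DATA"; then
    success
  else
    rm -f -- "$tmp"
    failure
  fi
}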
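# Dispatch on the requested action; RETVAL becomes the exit status.
# It is set explicitly here and in every branch so that the exit status
# never depends on a RETVAL value leaking in from the sourced config file.
RETVAL=0
case $1 in
  start)
    # Marker present: a previous start completed, nothing to do.
    [ -f "$VAR_SUBSYS_EBTABLES" ] && exit 0
    if start; then
      success
    else
      failure
    fi
    RETVAL=$?
    ;;
  stop)
    [ "x$EBTABLES_SAVE_ON_STOP" = "xyes" ] && save
    echo -n $"ebtables: stopping firewall: "
    # Stopping resets the tables, so the loaded rules no longer apply.
    if initialize; then
      success
    else
      failure
    fi
    RETVAL=$?
    # The marker is removed even when the reset failed, so a later start
    # reloads the ruleset instead of being skipped.
    rm -f -- "$VAR_SUBSYS_EBTABLES"
    ;;
  save)
    save
    RETVAL=$?
    ;;
  *)
    echo "usage: ${0##*/} {start|stop|save}" >&2
    RETVAL=2
    ;;
esac

exit "$RETVAL"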