#!/usr/bin/perl
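# Drop environment variables that can alter how a shell or child process
# behaves, and pin PATH so that iptables-save / iptables-restore are looked
# up only in the system directories.
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
$ENV{'PATH'} = '/bin:/usr/bin:/sbin:/usr/sbin/';

# Arguments: <table> <rulefile>. Any validation failure exits with status 1
# and prints nothing.
$table    = shift @ARGV;
$rulefile = shift @ARGV;

# NOTE(review): inside the character class, '#-\@' is a range ('#' through
# '@'), so besides the characters spelled out it also admits
# $ % ' ( ) * + , / ; < = > ? . The '/' is what lets a path through; the
# others are shell and open()-mode metacharacters. Treat this match as a
# coarse filter, not as proof that the value is safe to interpolate into a
# command line or a two-argument open().
for my $arg ($table, $rulefile) {
    exit(1) unless defined $arg && $arg =~ /^([ &:#-\@\w.]+)$/;
    $arg = $1;    # $arg aliases the variable, so this untaints it in place
}

# Only the two tables this script knows how to merge are accepted.
exit(1) unless $table eq "filter" || $table eq "nat";

# Refuse a rule-file name starting with whitespace, '<', '>', '+' or '&', so
# it cannot be read as a mode prefix (or be silently stripped) if it ever
# reaches a two-argument open().
exit(1) if $rulefile =~ /^[\s<>+&]/;

# The name must be true as a string ("0" is rejected, as before) and must
# refer to an existing regular file.
exit(1) if !$rulefile || !-f $rulefile;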
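# Snapshot the live rules of $table into "$rulefile.orig".
#
# List-form pipe open runs iptables-save directly, without a shell. It also
# replaces the fork-open idiom "open ... '-|' or exec ...", where a failed
# fork (open returns undef) fell through to exec() in the parent process.
open(my $save_fh, '-|', 'iptables-save', '-t', $table)
    or die "iptables-save failed: $!\n";

# Three-argument open with a lexical handle: the file name is taken
# literally and is never parsed for mode characters.
# NOTE(review): "$rulefile.orig" is a predictable name next to the rule
# file. If that directory is writable by other users, a pre-created file or
# symlink there would be written through -- confirm the directory is
# restricted to the account that runs this script.
open(my $orig_out, '>', "$rulefile.orig")
    or die "cannot open $rulefile.orig";

while (my $saved_line = <$save_fh>) {
    print {$orig_out} $saved_line;
}

# close() on a pipe waits for the child and is false when it exited
# non-zero, so this is where an iptables-save failure is caught.
close($save_fh) or die "iptables-save failed\n";
# Buffered write errors (disk full, quota) only surface at close.
close($orig_out) or die "cannot write $rulefile.orig: $!\n";

# $rc was never assigned from a command status in this script; keep it at 0
# for the final exit and rely on the die calls above for failures.
$rc = 0;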
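# Merge step: write "$rulefile.new" = the saved table from "$rulefile.orig"
# with the rules from $rulefile spliced in immediately before COMMIT.
# Every line is whitespace-trimmed; blank lines and lines already emitted
# are dropped, so a rule that is already loaded is not added a second time.
#
# NOTE(review): the contents of $rulefile are handed to iptables-restore
# without validation, so write access to that file amounts to control over
# the table -- confirm its ownership and mode.
my %seen_rule;
my $merged = "";

# Trim one line and append it to $merged unless it is empty or a repeat.
my $append_unique = sub {
    my ($text) = @_;
    $text =~ s/^\s+|\s+$//g;
    return if $text eq "" || $seen_rule{$text};
    $seen_rule{$text} = 1;
    $merged .= "$text\n";
    return;
};

# Three-argument opens throughout: file names are taken literally.
open(my $orig_in, '<', "$rulefile.orig")
    or die "cannot open $rulefile.orig";
while (my $saved_line = <$orig_in>) {
    (my $trimmed = $saved_line) =~ s/^\s+|\s+$//g;
    if ($trimmed eq "COMMIT") {
        # Time to load the input rules, ahead of the COMMIT line itself.
        # An unreadable rule file used to be skipped silently, which
        # reloaded the table unchanged and still reported success.
        open(my $rules_in, '<', $rulefile) or do {
            unlink("$rulefile.orig");
            die "cannot open $rulefile";
        };
        while (my $rule_line = <$rules_in>) {
            $append_unique->($rule_line);
        }
        close($rules_in);
    }
    $append_unique->($trimmed);
}
close($orig_in);

# Write the merged rule set. A failed create, write or close removes the
# temporary files and exits 1, so a truncated rule set is never left behind
# for the restore step to load.
my $written = 0;
if (open(my $new_out, '>', "$rulefile.new")) {
    my $printed = print {$new_out} "$merged\n";
    my $closed  = close($new_out);
    $written = 1 if $printed && $closed;
}
if (!$written) {
    unlink("$rulefile.orig", "$rulefile.new");
    exit(1);
}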
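# Load the merged rule set by streaming "$rulefile.new" into
# iptables-restore.
#
# The file is opened before the pipe, so a missing or unreadable file aborts
# the run before iptables-restore has been started.
open(my $new_in, '<', "$rulefile.new")
    or die "cannot open $rulefile.new";

# The command is a fixed literal; nothing caller-supplied reaches it. This
# form replaces "open ... '|-' or exec ...", where a failed fork (open
# returns undef) fell through to exec() in the parent process.
open(my $restore_fh, '|-', 'iptables-restore')
    or die "iptables-restore failed: $!\n";

while (my $rule_line = <$new_in>) {
    print {$restore_fh} $rule_line;
}
close($new_in);

# close() on a pipe waits for the child and is false when it exited
# non-zero. As before, the temporary files are left in place on failure.
close($restore_fh) or die "iptables-restore failed\n";

unlink("$rulefile.orig");
unlink("$rulefile.new");

# Reaching this point means both commands succeeded; $rc was never set from
# a command status, so the exit code is stated explicitly.
exit(0);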