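#!/usr/bin/perl
#
# Merge a file of iptables rules into the live "filter" or "nat" table.
#
# Usage: <script> TABLE RULEFILE
#
# The current contents of TABLE are dumped with iptables-save, every
# non-empty line of RULEFILE that is not already present is spliced in
# just before the table's COMMIT line, and the result is fed back to
# iptables-restore.  Lines are compared as trimmed text, so a rule that
# already exists is never added twice.  Two scratch files, RULEFILE.orig
# (the snapshot) and RULEFILE.new (the merged set), are written next to
# RULEFILE and removed again before exit, whether or not the run succeeds.
#
# Exit status is 0 on success and 1 on bad arguments or a failed step.
# The script is written to be safe under taint mode (it appears intended
# to run that way, e.g. via sudo), which is why it scrubs %ENV and untaints
# both arguments before use.

use strict;
use warnings;

delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
$ENV{'PATH'}='/bin:/usr/bin:/sbin:/usr/sbin/';

# Characters permitted in either argument: space, '&', ':', '.', \w and the
# ASCII range '#'..'@' (which contains '/', the digits, ';', '<', '=', '>'
# and '?').  Because '.' and '/' are allowed, the caller is trusted to choose
# where RULEFILE lives; this only keeps shell-significant characters such as
# '|', '`', '$' and quotes out of the values.  \z (rather than $) rejects a
# trailing newline instead of silently dropping it.
my $ARG_RE = qr/\A([ &:#-\@\w.]+)\z/;

# Untaint one command-line argument.  Returns the cleaned value, or nothing
# when the argument is missing or contains a character outside $ARG_RE.
sub untaint_arg {
    my ($value) = @_;
    return unless defined $value && $value =~ $ARG_RE;
    return $1;
}

my $table    = untaint_arg(shift @ARGV);
my $rulefile = untaint_arg(shift @ARGV);

exit 1 unless defined $table && ($table eq 'filter' || $table eq 'nat');
exit 1 unless defined $rulefile && -f $rulefile;

my $saved_file = "$rulefile.orig";    # iptables-save snapshot of the live table
my $new_file   = "$rulefile.new";     # merged rule set handed to iptables-restore

# Print $msg to STDERR, remove both scratch files and exit with status 1.
sub fail {
    my ($msg) = @_;
    warn $msg;
    unlink $saved_file, $new_file;
    exit 1;
}

# Strip leading and trailing whitespace, including the trailing newline.
sub trim {
    my ($text) = @_;
    $text =~ s/\A\s+//;
    $text =~ s/\s+\z//;
    return $text;
}

# Write @$lines to $fh in the form iptables-restore reads: one rule per
# line, followed by a blank line.
sub print_ruleset {
    my ($fh, $lines) = @_;
    print {$fh} map { "$_\n" } @{$lines};
    print {$fh} "\n";
    return;
}

# --- 1. snapshot the live table ------------------------------------------
# List-form pipe open forks and execs iptables-save directly; no shell is
# involved, so $table cannot be reinterpreted even if the untaint regex
# were loosened later.
open(my $save_fh, '-|', 'iptables-save', '-t', $table)
    or fail("iptables-save failed: $!\n");
open(my $snapshot_fh, '>', $saved_file)
    or fail("cannot open $saved_file: $!\n");
my @snapshot;
while (my $line = <$save_fh>) {
    print {$snapshot_fh} $line;
    push @snapshot, $line;
}
# close() on a pipe waits for the child; a non-zero exit status makes it
# return false, which is the only place a failed iptables-save is detected.
close($save_fh)     or fail("iptables-save failed\n");
close($snapshot_fh) or fail("cannot write $saved_file: $!\n");

# --- 2. read the rules to merge in ----------------------------------------
open(my $rule_fh, '<', $rulefile) or fail("cannot open $rulefile: $!\n");
my @input_rules = map { trim($_) } <$rule_fh>;
close($rule_fh);

# --- 3. merge -------------------------------------------------------------
my %seen;      # trimmed line => 1, for de-duplication
my @merged;    # the rule set in output order

# Append $line to @merged unless it is empty or already present.
my $add_line = sub {
    my ($line) = @_;
    return if $line eq '' || $seen{$line};
    push @merged, $line;
    $seen{$line} = 1;
    return;
};

my $commit_seen = 0;
for my $saved_line (map { trim($_) } @snapshot) {
    if ($saved_line eq 'COMMIT') {
        # The table header and existing rules are already in @merged; the
        # input rules go in now so they are committed with the same table.
        $add_line->($_) for @input_rules;
        $commit_seen = 1;
    }
    $add_line->($saved_line);
}
# Without a COMMIT line nothing was merged, and restoring the snapshot
# unchanged would silently report success.
fail("no COMMIT line in iptables-save output for table $table\n")
    unless $commit_seen;

# --- 4. write the merged set and load it ----------------------------------
open(my $new_fh, '>', $new_file) or fail("cannot open $new_file: $!\n");
print_ruleset($new_fh, \@merged);
close($new_fh) or fail("cannot write $new_file: $!\n");

# Single-word command with no shell metacharacters: executed directly.
open(my $restore_fh, '|-', 'iptables-restore')
    or fail("iptables-restore failed: $!\n");
print_ruleset($restore_fh, \@merged);
# A non-zero exit from iptables-restore surfaces as a false close().
close($restore_fh) or fail("iptables-restore failed\n");

unlink $saved_file, $new_file;
exit 0;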