#! /bin/bash
# Version string printed on the first line of the usage message.
MYVERSION='1.0.3'
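# Print the usage text to stderr and exit with status 1.
# Globals:   MYVERSION (read)
# Outputs:   usage text on stderr; nothing on stdout
# Returns:   never returns; exits the shell with status 1
help()
{
  # Everything below is diagnostics, so point stdout at stderr once.
  exec 1>&2
  # "$0" is quoted so that a script path containing spaces still yields the
  # script's own name rather than a fragment of the path.
  printf '%s v%s: Script to save firewall chains to stdout.\n' \
    "$(basename -- "$0")" "$MYVERSION"
  echo
  echo " Takes an optional chain-name (used to save a single chain), otherwise"
  echo " it saves all chains."
  echo " With the -v option, prints out every rule."
  exit 1
}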
# Print a number as four dot-separated bytes, most significant byte first.
# Arguments: $1 - the value, in any form shell arithmetic accepts
#                 (the callers pass 0x-prefixed hex)
# Outputs:   "a.b.c.d" on stdout
dotted()
{
  local bits quad=""
  # Walk the four byte positions from the top one down to the lowest.
  for bits in 24 16 8 0; do
    quad="${quad}${quad:+.}$(( ($1 >> bits) & 0xFF ))"
  done
  printf '%s\n' "$quad"
}
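# Convert "HEXADDR/HEXMASK" (no 0x prefix) into "a.b.c.d/e.f.g.h".
# Arguments: $1 - address and mask as hex digits separated by one "/"
# Outputs:   the dotted form on stdout
# Returns:   1, with a message on stderr, if $1 is not a hex/hex pair
genip()
{
  local pair_re='^[0-9A-Fa-f]+/[0-9A-Fa-f]+$'
  # dotted() places its argument inside $(( )), which evaluates the text as an
  # expression.  Only strings made of hex digits are allowed through, so a
  # damaged input line produces an error instead of a wrong address.
  if ! [[ $1 =~ $pair_re ]]; then
    printf 'genip: not a hex address/mask pair: %s\n' "$1" >&2
    return 1
  fi
  # Parameter expansion splits at the slash without spawning sed.
  printf '%s/%s\n' "$(dotted "0x${1%%/*}")" "$(dotted "0x${1##*/}")"
}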
# Chain to save; left empty, every chain is saved.
WHICHCHAIN=''
# Set to 1 by -v: each rule is then echoed to stderr as well.
VERBOSE=0

# Rule list and chain-name list read by the two loops further down.
# The commented ".dummy" assignments switch to local files instead.
IP_CHAINS_FILE="/proc/net/ip_fwchains"
#IP_CHAINS_FILE=ip_fwchains.dummy
IP_CHAINNAMES_FILE="/proc/net/ip_fwnames"
#IP_CHAINNAMES_FILE=ip_fwnames.dummy
# Command-line handling: -v turns on verbose output, any other dash option
# shows the usage text, and at most one bare word is accepted as the chain
# to save (a second one also ends in the usage text).
for arg in "$@"; do
  if [ "$arg" = "-v" ]; then
    VERBOSE=1
  else
    case "$arg" in
      -*)
        help
        ;;
      *)
        [ -z "$WHICHCHAIN" ] || help
        WHICHCHAIN="$arg"
        ;;
    esac
  fi
done
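# Refuse to run when the rule list is missing or cannot be read.
# The reads further down discard dd's stderr, so without the readability
# check an unreadable file would give an empty ruleset and a zero exit status
# instead of an error, and that output could later be restored as if it were
# the real firewall configuration.
if [ ! -f "$IP_CHAINS_FILE" ]; then
  exec 1>&2
  echo "\`$IP_CHAINS_FILE' does not exist."
  echo "(Does this kernel support IP Firewall Chains?)"
  exit 1
fi
for procfile in "$IP_CHAINNAMES_FILE" "$IP_CHAINS_FILE"; do
  if [ ! -r "$procfile" ]; then
    printf "\`%s' is not readable.\n" "$procfile" >&2
    exit 1
  fi
done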
# "%9s " /* Chain name */
# "%08lX/%08lX->%08lX/%08lX " /* Source & Destination IPs */
# "%.16s " /* Interface */
# "%hX %hX " /* fw_flg and fw_invflg fields */
# "%hu " /* Protocol */
# "%-9lu %-9lu %-9lu %-9lu " /* Packet & byte counters */
# "%hu-%hu %hu-%hu " /* Source & Dest port ranges */
# "A%02X X%02X " /* TOS AND and XOR masks */
# "%08X " /* Redirection port */
# "%hu " /* fw_mark field */
# "%hu " /* output size */
# "%9s\n", /* Target */
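# Used by the rule loop below to remember which chain's "Saving" notice was
# printed last.  A single space cannot equal a whitespace-split chain field.
LASTCHAIN=" "

# Chain names first: one ":<name> <second field>" line per entry
# (POL is presumably the chain policy; the third field is read and ignored).
# dd's stderr is discarded, which hides read errors along with its summary.
# read -r keeps backslashes literal, and the two-test form avoids the
# ambiguous "-o" when the requested chain name looks like a test operator.
dd if="$IP_CHAINNAMES_FILE" bs=1024 2>/dev/null |
while read -r CHN POL REFCNT
do
  if [ -z "$WHICHCHAIN" ] || [ "$WHICHCHAIN" = "$CHN" ]; then
    printf '%s\n' ":$CHN $POL"
  fi
done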
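# Emit one "-A <chain> <options>" line on stdout per rule in $IP_CHAINS_FILE.
#
# Each input line is split on whitespace into the fields listed in the format
# comment above (chain, src/mask->dst/mask, interface, flags, inverse flags,
# protocol, four counters, port ranges, TOS masks, redirect port, mark,
# output size, target).
#
# dd's stderr is discarded, which hides read errors along with its summary.
#
# The hex fields end up inside $(( )) / (( )), which evaluates its operand as
# an expression, so they are checked against the documented hex layout first.
# A line that does not match aborts the save with status 1 rather than
# producing a rule that differs from the live one.  Lines already written are
# then an incomplete ruleset: callers should check the exit status before
# keeping or restoring the output.
hex_re='^[0-9A-Fa-f]+$'
srcdst_re='^[0-9A-Fa-f]+/[0-9A-Fa-f]+->[0-9A-Fa-f]+/[0-9A-Fa-f]+$'
dd if="$IP_CHAINS_FILE" bs=1024 2>/dev/null |
while read -r CHAIN SRCDST IFACE FLG INVFLG PROTO IGN1 IGN2 IGN3 IGN4 SRCPT DSTPT TOSAND TOSXOR REDIR MARK OUTSIZE TARGET
do
  # Skip blank lines and, when one chain was requested, every other chain.
  [ -n "$CHAIN" ] || continue
  if [ -n "$WHICHCHAIN" ] && [ "$WHICHCHAIN" != "$CHAIN" ]; then
    continue
  fi

  if ! [[ $FLG =~ $hex_re && $INVFLG =~ $hex_re && $SRCDST =~ $srcdst_re ]] ||
     { [ "$TARGET" = "REDIRECT" ] && ! [[ $REDIR =~ $hex_re ]]; }; then
    printf 'Unexpected field layout in %s (chain %s); aborting save.\n' \
      "$IP_CHAINS_FILE" "$CHAIN" >&2
    exit 1
  fi

  if [ "$CHAIN" != "$LASTCHAIN" ]; then
    printf "Saving \`%s'.\n" "$CHAIN" >&2
    LASTCHAIN=$CHAIN
  fi

  flags=$((0x$FLG))
  inv=$((0x$INVFLG))
  # The options are collected as separate words and joined with single spaces
  # at the end, so nothing in them is ever subject to pathname expansion.
  rule=()

  # Source address, then the source ports unless they cover 0-65535.
  rule+=(-s)
  (( inv & 0x0001 )) && rule+=('!')
  rule+=("$(genip "${SRCDST%%->*}")")
  if [ "$SRCPT" != "0-65535" ]; then
    (( inv & 0x0008 )) && rule+=('!')
    rule+=("${SRCPT/-/:}")
  fi

  # Destination address and ports, same scheme.
  rule+=(-d)
  (( inv & 0x0002 )) && rule+=('!')
  rule+=("$(genip "${SRCDST##*->}")")
  if [ "$DSTPT" != "0-65535" ]; then
    (( inv & 0x0010 )) && rule+=('!')
    rule+=("${DSTPT/-/:}")
  fi

  # Interface, unless the field is "-"; flag 0x0010 appends a "+" to the name.
  if [ "$IFACE" != "-" ]; then
    rule+=(-i)
    (( inv & 0x0020 )) && rule+=('!')
    (( flags & 0x0010 )) && IFACE=${IFACE}+
    rule+=("$IFACE")
  fi

  # Protocol number, unless it is 0.  Kept as a [ ] test on purpose: [ -ne ]
  # only accepts a plain integer and does not evaluate the field.
  if [ "$PROTO" -ne 0 ]; then
    rule+=(-p)
    (( inv & 0x0004 )) && rule+=('!')
    rule+=("$PROTO")
  fi

  # TOS masks, unless they are the "AFF X00" pair; the leading letter of each
  # field is dropped.
  if [ "$TOSAND $TOSXOR" != "AFF X00" ]; then
    rule+=(-t "${TOSAND#?}" "${TOSXOR#?}")
  fi

  # Target; REDIRECT also carries the redirect port, converted to decimal.
  if [ "$TARGET" = "REDIRECT" ]; then
    rule+=(-j "$TARGET" "$((0x$REDIR))")
  elif [ "$TARGET" != "-" ]; then
    rule+=(-j "$TARGET")
  fi

  # Remaining flag bits map to -l, -y and -f (the latter two can be negated).
  (( flags & 0x0001 )) && rule+=(-l)
  if (( flags & 0x0002 )); then
    (( inv & 0x0040 )) && rule+=('!')
    rule+=(-y)
  fi
  if (( flags & 0x0004 )); then
    (( inv & 0x0080 )) && rule+=('!')
    rule+=(-f)
  fi

  # Mark: written as-is when flag 0x0008 is set, otherwise (if non-zero) with
  # an explicit sign.  NOTE(review): the original comment calls the negative
  # case a bash "feature"; presumably large values can come out negative in
  # shell arithmetic. Confirm before relying on it.
  if (( flags & 0x0008 )); then
    rule+=(-m "$MARK")
  elif [ "$MARK" -ne 0 ]; then
    if (( $MARK < 0 )); then
      rule+=(-m "$(($MARK))")
    else
      rule+=(-m "+$(($MARK))")
    fi
  fi

  if (( flags & 0x0020 )); then
    rule+=(-o "$OUTSIZE")
  fi

  printf '%s\n' "-A $CHAIN ${rule[*]}"
  if [ "$VERBOSE" != 0 ]; then printf '%s\n' "${rule[*]}" >&2; fi
done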