libs/savedynamic/files/savedynamic.sh

   1 #!/bin/sh
   2
   3 . /etc/functions.sh
   4
   5 savedynamic_print_table_chain() {
   6         local table="$1"
   7         local chain="$2"
   8         local fsave="$3"
   9         local fsavetmp="$fsave"".tmp"
  10         local next_table_line
  11         local cur_table_line
  12         local table_line
  13         table_line="$(($(grep -n "^*$table" "$fsave" | cut -f1 -d: ) + 1))"
  14         tail -n+$table_line $fsave >"$fsavetmp"
  15         for cur_table_line in $(grep -n "^*" "$fsavetmp"); do
  16                 [ -z "$next_table_line" ] && {
  17                         local lineno="$(echo $cur_table_line | cut -f1 -d:)"
  18                         [ -n "$lineno" ] && [ "$lineno" -gt $(($table_line - 1)) ] && {
  19                                 next_table_line=$lineno
  20                         }
  21                 }
  22         done
  23         [ -z "$next_table_line" ] && {
  24                 next_table_line="$(cat $fsavetmp|wc -l)"
  25         }
  26         next_table_line=$(($next_table_line - 1))
  27         head -n $next_table_line "$fsave.tmp" | grep $chain | grep -Ev "^:$chain"
  28         rm -f "$fsavetmp"
  29 }
  30
  31 savedynamic_save_fw_chain() {
  32         local chain
  33         local table
  34         local fsave="/tmp/.firewall/save"
  35
  36         config_get chain $1 chain
  37         config_get table $1 table filter
  38         [ -z "$chain" ] && return 0
  39         mkdir -p /tmp/.firewall
  40         iptables-save >"$fsave"
  41         savedynamic_print_table_chain $table $chain "$fsave" > /tmp/.firewall/save-$table-$chain
  42
  43 }
  44
  45 savedynamic_load_fw_chain() {
  46         local chain
  47         local table
  48
  49         config_get chain $1 chain
  50         config_get table $1 table filter
  51         [ -e /tmp/.firewall/save-$table-$chain ] && [ "$(cat /tmp/.firewall/save-$table-$chain | wc -l)" -ge 1 ] && {
  52                 iptables -t $table -N $chain
  53                 while read line; do
  54                         sh -c "iptables -t $table $line"
  55                 done < /tmp/.firewall/save-$table-$chain
  56                 rm /tmp/.firewall/save-$table-$chain
  57         }
  58 }
  59
  60 savedynamic_pre_stop_cb() {
  61         echo "Saving dynamic firewall chains"
  62         config_load firewall
  63
  64         config_foreach savedynamic_save_fw_chain save
  65 }
  66
  67 savedynamic_post_core_cb() {
  68         echo "Loading dynamic firewall chains"
  69
  70         config_load firewall
  71         config_foreach savedynamic_load_fw_chain save
  72 }