Attachment #415972 for bug #540198

View | Details | Raw Unified | Return to bug 540198 | Differences between
Collapse All | Expand All




#! /bin/sh

main() {
    local NFTABLES_SAVE=${2:-'/var/lib/nftables/rules-save'}
    local retval
    case "$1" in
        "clear")
            if ! use_legacy; then
                nft flush ruleset
            else
                clear_legacy
            fi
            retval=$?
        ;;
        "list")
            if ! use_legacy; then
                nft list ruleset
            else
                list_legacy
            fi
            retval=$?
        ;;
        "load")
            nft -f ${NFTABLES_SAVE}
            retval=$?
        ;;
        "store")
            local tmp_save="${NFTABLES_SAVE}.tmp"
            if ! use_legacy; then
                nft list ruleset > ${tmp_save}
            else
                save_legacy ${tmp_save}
            fi
            retval=$?
            if [ ${retval} ]; then
                mv ${tmp_save} ${NFTABLES_SAVE}
            fi
        ;;
    esac
    return ${retval}
}

clear_legacy() {
    local l3f line table chain first_line

    first_line=1
    if manualwalk; then
        for l3f in $(getfamilies); do
            nft list tables ${l3f} | while read line; do
                table=$(echo ${line} | sed "s/table[ \t]*//")
                deletetable ${l3f} ${table}
            done
        done
    else
        nft list tables | while read line; do
            l3f=$(echo ${line} | cut -d ' ' -f2)
            table=$(echo ${line} | cut -d ' ' -f3)
            deletetable ${l3f} ${table}
        done
    fi
}

list_legacy() {
    local l3f

    if manualwalk; then
        for l3f in $(getfamilies); do
            nft list tables ${l3f} | while read line; do
                line=$(echo ${line} | sed "s/table/table ${l3f}/")
                echo "$(nft list ${line})"
            done
        done
    else
        nft list tables | while read line; do
            echo "$(nft list ${line})"
        done
    fi
}

save_legacy() {
    tmp_save=$1
    touch "${tmp_save}"
    if manualwalk; then
        for l3f in $(getfamilies); do
            nft list tables ${l3f} | while read line; do
                line=$(echo ${line} | sed "s/table/table ${l3f}/")
                nft ${SAVE_OPTIONS} list ${line} >> ${tmp_save}
            done
        done
    else
        nft list tables | while read line; do
            nft ${SAVE_OPTIONS} list ${line} >> "${tmp_save}"
        done
    fi
}

use_legacy() {
    local major_ver minor_ver

    major_ver=$(uname -r | cut -d '.' -f1)
    minor_ver=$(uname -r | cut -d '.' -f2)

    [[ $major_ver -ge 4 || $major_ver -eq 3 && $minor_ver -ge 18 ]] && return 1
    return 0
}

CHECK_TABLE_NAME="GENTOO_CHECK_TABLE"

getfamilies() {
    local l3f families

    for l3f in ip arp ip6 bridge inet; do
        if nft create table ${l3f} ${CHECK_TABLE_NAME} > /dev/null 2>&1; then
            families="${families}${l3f} "
            nft delete table ${l3f} ${CHECK_TABLE_NAME}
        fi
    done
    echo ${families}
}

manualwalk() {
    local result l3f=`getfamilies | cut -d ' ' -f1`

    nft create table ${l3f} ${CHECK_TABLE_NAME}
    nft list tables | read line
    if [ $(echo $line | wc -w) -lt 3 ]; then
        result=0
    fi
    result=1
    nft delete table ${l3f} ${CHECK_TABLE_NAME}

    return $result
}

deletetable() {
    # family is $1
    # table name is $2
    nft flush table $1 $2
    nft list table $1 $2 | while read l; do
        chain=$(echo $l | grep -o 'chain [^[:space:]]\+' | cut -d ' ' -f2)
        if [ -n "${chain}" ]; then
            nft flush chain $1 $2 ${chain}
            nft delete chain $1 $2 ${chain}
        fi
    done
    nft delete table $1 $2
}

main "$@"
exit $?

Return to bug 540198

Line 0 Link Here

(-)net-firewall/nftables/files/libexec/nftables.sh (-1 / +150 lines)
0	-	1	#! /bin/sh
		2
		3	main() {
		4	local NFTABLES_SAVE=${2:-'/var/lib/nftables/rules-save'}
		5	local retval
		6	case "$1" in
		7	"clear")
		8	if ! use_legacy; then
		9	nft flush ruleset
		10	else
		11	clear_legacy
		12	fi
		13	retval=$?
		14	;;
		15	"list")
		16	if ! use_legacy; then
		17	nft list ruleset
		18	else
		19	list_legacy
		20	fi
		21	retval=$?
		22	;;
		23	"load")
		24	nft -f ${NFTABLES_SAVE}
		25	retval=$?
		26	;;
		27	"store")
		28	local tmp_save="${NFTABLES_SAVE}.tmp"
		29	if ! use_legacy; then
		30	nft list ruleset > ${tmp_save}
		31	else
		32	save_legacy ${tmp_save}
		33	fi
		34	retval=$?
		35	if [ ${retval} ]; then
		36	mv ${tmp_save} ${NFTABLES_SAVE}
		37	fi
		38	;;
		39	esac
		40	return ${retval}
		41	}
		42
		43	clear_legacy() {
		44	local l3f line table chain first_line
		45
		46	first_line=1
		47	if manualwalk; then
		48	for l3f in $(getfamilies); do
		49	nft list tables ${l3f} \| while read line; do
		50	table=$(echo ${line} \| sed "s/table[ \t]*//")
		51	deletetable ${l3f} ${table}
		52	done
		53	done
		54	else
		55	nft list tables \| while read line; do
		56	l3f=$(echo ${line} \| cut -d ' ' -f2)
		57	table=$(echo ${line} \| cut -d ' ' -f3)
		58	deletetable ${l3f} ${table}
		59	done
		60	fi
		61	}
		62
		63	list_legacy() {
		64	local l3f
		65
66	if manualwalk; then
67	for l3f in $(getfamilies); do
68	nft list tables ${l3f} \| while read line; do
69	line=$(echo ${line} \| sed "s/table/table ${l3f}/")
70	echo "$(nft list ${line})"
71	done
72	done
73	else
74	nft list tables \| while read line; do
75	echo "$(nft list ${line})"
76	done
77	fi
78	}
79
80	save_legacy() {
81	tmp_save=$1
82	touch "${tmp_save}"
83	if manualwalk; then
84	for l3f in $(getfamilies); do
85	nft list tables ${l3f} \| while read line; do
86	line=$(echo ${line} \| sed "s/table/table ${l3f}/")
87	nft ${SAVE_OPTIONS} list ${line} >> ${tmp_save}
88	done
89	done
90	else
91	nft list tables \| while read line; do
92	nft ${SAVE_OPTIONS} list ${line} >> "${tmp_save}"
93	done
94	fi
95	}
96
97	use_legacy() {
98	local major_ver minor_ver
99
100	major_ver=$(uname -r \| cut -d '.' -f1)
101	minor_ver=$(uname -r \| cut -d '.' -f2)
102
103	[[ $major_ver -ge 4 \|\| $major_ver -eq 3 && $minor_ver -ge 18 ]] && return 1
104	return 0
105	}
106
107	CHECK_TABLE_NAME="GENTOO_CHECK_TABLE"
108
109	getfamilies() {
110	local l3f families
111
112	for l3f in ip arp ip6 bridge inet; do
113	if nft create table ${l3f} ${CHECK_TABLE_NAME} > /dev/null 2>&1; then
114	families="${families}${l3f} "
115	nft delete table ${l3f} ${CHECK_TABLE_NAME}
116	fi
117	done
118	echo ${families}
119	}
120
121	manualwalk() {
122	local result l3f=`getfamilies \| cut -d ' ' -f1`
123
124	nft create table ${l3f} ${CHECK_TABLE_NAME}
125	nft list tables \| read line
126	if [ $(echo $line \| wc -w) -lt 3 ]; then
127	result=0
128	fi
129	result=1
130	nft delete table ${l3f} ${CHECK_TABLE_NAME}
131
132	return $result
133	}
134
135	deletetable() {
136	# family is $1
137	# table name is $2
138	nft flush table $1 $2
139	nft list table $1 $2 \| while read l; do
140	chain=$(echo $l \| grep -o 'chain [^[:space:]]\+' \| cut -d ' ' -f2)
141	if [ -n "${chain}" ]; then
142	nft flush chain $1 $2 ${chain}
143	nft delete chain $1 $2 ${chain}
144	fi
145	done
146	nft delete table $1 $2
147	}
148
149	main "$@"
150	exit $?