#!/usr/bin/perl
#--------------------------------------------------------------
# Script to write a file in iptables-save syntax, adding the rules
# found in the per-table files mangle, nat and filter. Example table
# file syntax:
# INPUT DROP (Chain Policy)
# -p tcp -s 192.168.0.10 -d 80.45.76.34 --dport 143 -j ACCEPT (Rule)
#--------------------------------------------------------------
use strict;
use warnings;
use Data::Dumper;
use Tie::IxHash;
#--------------------------------------------------------------
# Declare Global Vars
#--------------------------------------------------------------
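# Table names. main() opens a file of the same name for each table, using a
# relative path, so the script must be started in the directory holding them.
my $filter = "filter";
my $mangle = "mangle";
my $nat    = "nat";
# Order in which the tables are read and written to the output file.
my @tables = ( $mangle, $nat, $filter );
# Timestamp in DDMMYYHHMMSS form, the same text the former `date | sed`
# pipeline produced. Built from core localtime so that no external program is
# looked up through PATH (a ruleset generator is typically run as root) and a
# missing or failing `date`/`sed` cannot leave $date empty.
my $date = do {
    my @now = localtime;
    sprintf '%02d%02d%02d%02d%02d%02d',
        $now[3], $now[4] + 1, $now[5] % 100, $now[2], $now[1], $now[0];
};
# Output file name; main() opens it in append mode.
my $outfile = "firewall-$date";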
#--------------------------------------------------------------
# Tie the hash so that it keeps insertion order (no memory optimization)
#--------------------------------------------------------------
# %rules maps a chain name to its rules; main() iterates it with keys(),
# so the tie decides the order in which chains are emitted.
tie my %rules, 'Tie::IxHash';
#--------------------------------------------------------------
# Open each table file. A line starting with an upper-case letter is
# split into chain and policy, and the chain becomes a hash key; the
# remaining lines (rules) are pushed onto the array ref stored under
# that key. Print each key with its policy, then the rules, then COMMIT.
#--------------------------------------------------------------
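sub main {
    # Build one iptables-save style file from the per-table input files.
    #
    # Reads the file-level $outfile, @tables and %rules; takes no arguments
    # and returns nothing. Dies if a file cannot be opened or closed, or if
    # a chain header carries no policy.
    #
    # Rule lines are copied verbatim into the output, so the table files
    # must be writable only by whoever is allowed to change the firewall.
    open my $out, '>>', $outfile
        or die "Failed to open $outfile : $!";

    for my $file (@tables) {
        %rules = ();
        my %policy_of;    # chain name => policy given on its header line
        my $current;      # rule list of the chain being read; undef before the first header

        # Three-arg open with a lexical handle: the mode can never come
        # from the file name, and the handle is not a package global.
        open my $in, '<', $file or die "Failed to open $file: $!";
        while ( my $line = <$in> ) {
            chomp $line;

            # Skip comments and blank lines. A blank line used to slip
            # through and be emitted as an empty "-A CHAIN" rule.
            next if $line =~ /^\s*(?:#|$)/;

            if ( $line =~ /^[[:upper:]]/ ) {
                # Chain header: "CHAIN POLICY"; anything after the policy is ignored.
                my ( $chain, $policy ) = split ' ', $line;
                die "$file line $.: chain '$chain' has no policy\n"
                    unless defined $policy;

                # Keep the policy per chain. A single shared variable gave
                # every chain the policy of the last header in the file.
                $policy_of{$chain} = $policy;
                $rules{$chain} = [] unless exists $rules{$chain};
                $current = $rules{$chain};
            }
            elsif ( defined $current ) {
                push @{$current}, $line;
            }
            else {
                # Such rules were dropped silently before; a firewall rule
                # that disappears without notice is worth a warning.
                warn "$file line $.: rule before any chain header ignored: $line\n";
            }
        }
        close $in or die "Failed to close $file: $!";

        # The table is written only after it parsed cleanly, so a parse
        # error never leaves a half-written table section behind.
        print {$out} "*$file\n";
        for my $chain ( keys %rules ) {
            print {$out} ":$chain $policy_of{$chain} [0:0]\n";
        }
        for my $chain ( keys %rules ) {
            print {$out} "-A $chain $_\n" for @{ $rules{$chain} };
        }
        print {$out} "COMMIT\n";
    }

    # Buffered write errors surface at close; a truncated ruleset must not
    # pass as a success.
    close $out or die "Failed to close $outfile : $!";
    return;
}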
#--------------------------------------------------------------
# Run Main()
#--------------------------------------------------------------
main();    # a failed open inside main() dies, so the script then exits non-zero
Regards,
k_grdn