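#!/usr/bin/perl
#--------------------------------------------------------------
# Script to write an iptables-save syntaxed file from the per-table
# rule files mangle, nat, filter (read from the current directory).
# Example table file syntax:
#   INPUT DROP                                                  (Chain Policy)
#   -p tcp -s 192.168.0.10 -d 80.45.76.34 --dport 143 -j ACCEPT  (Rule)
#--------------------------------------------------------------
use strict;
use warnings;
use Data::Dumper;
use POSIX qw(strftime);
use Tie::IxHash;

#--------------------------------------------------------------
# Declare Global Vars
#--------------------------------------------------------------
my $filter = "filter";
my $mangle = "mangle";
my $nat    = "nat";

# Emission order of the tables in the generated file.
my @tables = ($mangle, $nat, $filter);

# Timestamp ddmmyyHHMMSS (what `date +%d%m%y%T | sed 's/://g'` produced),
# computed in-process: no /bin/sh, no PATH lookup for date/sed, nothing
# to chomp.
my $date    = strftime('%d%m%y%H%M%S', localtime);
my $outfile = "firewall-$date";

#--------------------------------------------------------------
# Tie to keep hash insertion order; no memory optimization.
#--------------------------------------------------------------
tie (my %rules, 'Tie::IxHash');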
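#--------------------------------------------------------------
# Open each table file, match ^upper case, split (chain policy),
# chain as hash key, push remaining lines (rules) on array ref
# to key value. Print keys:policy then values, COMMIT.
#--------------------------------------------------------------

# _parse_table($path)
#
# Reads one table file and returns a hash ref:
#   { chains => [ chain names, first-seen order ],
#     policy => { chain => policy },
#     rules  => { chain => [ rule lines ] } }
#
# Blank lines and lines whose first non-blank character is '#' are
# skipped. A line starting with an upper-case letter is a chain header
# "CHAIN POLICY"; any other line is a rule appended to the most recent
# chain. A rule that appears before any chain header cannot be placed;
# it is reported with a warning instead of being dropped silently, since
# a missing rule changes the resulting firewall.
sub _parse_table {
    my ($path) = @_;

    # Three-arg open with a lexical handle: the mode can never come from
    # the file name.
    open my $in, '<', $path or die "Failed to open $path: $!";

    my %table   = (chains => [], policy => {}, rules => {});
    my $current;                                 # chain the next rule belongs to

    while (my $line = <$in>) {
        chomp $line;
        next if $line =~ /\A \s* (?: \# | \z )/x;   # comment or blank line

        if ($line =~ /\A [[:upper:]]/x) {
            # split ' ' collapses repeated whitespace, so "INPUT  DROP"
            # still yields the policy.
            my ($chain, $policy) = split ' ', $line;
            push @{ $table{chains} }, $chain unless exists $table{rules}{$chain};
            # Each chain keeps its own policy (the old code printed the
            # last header's policy for every chain). iptables-save uses
            # '-' for chains without a policy (user-defined chains).
            $table{policy}{$chain} = $policy // '-';
            $table{rules}{$chain} //= [];
            $current = $chain;
        }
        elsif (defined $current) {
            push @{ $table{rules}{$current} }, $line;
        }
        else {
            warn "$path line $.: rule before any chain header, ignored: $line\n";
        }
    }
    close $in or die "Failed to close $path: $!";

    return \%table;
}

# _write_table($fh, $name, $table)
#
# Emits one parsed table in iptables-save syntax on $fh: "*name", one
# ":CHAIN POLICY [0:0]" line per chain, then "-A CHAIN rule" per rule,
# then "COMMIT".
sub _write_table {
    my ($fh, $name, $table) = @_;
    my @chains = @{ $table->{chains} };

    print {$fh} "*$name\n";
    print {$fh} ":$_ $table->{policy}{$_} [0:0]\n" for @chains;
    for my $chain (@chains) {
        print {$fh} "-A $chain $_\n" for @{ $table->{rules}{$chain} };
    }
    print {$fh} "COMMIT\n";
    return;
}

#--------------------------------------------------------------
# main(\@table_files, $output_path)
#
# Both arguments are optional and default to the globals @tables and
# $outfile, so the plain main() call below is unchanged. Every table is
# parsed before anything is written, so a malformed or missing table
# file dies without leaving a half-written firewall file behind. Output
# is appended, as before.
#--------------------------------------------------------------
sub main {
    my ($table_files, $out_path) = @_;
    $table_files //= \@tables;
    $out_path    //= $outfile;

    my @parsed = map { [ $_, _parse_table($_) ] } @{ $table_files };

    open my $out, '>>', $out_path or die "Failed to open $out_path : $!";
    _write_table($out, @{ $_ }) for @parsed;
    # Buffered write errors only surface at close.
    close $out or die "Failed to close $out_path: $!";
    return;
}

#--------------------------------------------------------------
# Run Main() — only when executed as a script, so the file can be
# loaded with do/require (e.g. for tests) without side effects.
#--------------------------------------------------------------
main() unless caller;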