sonic-buildimage/files/image_config/ebtables/ebtables.init

#!/bin/bash
#
# init script for the Ethernet Bridge filter tables
#
# Written by Dag Wieers <dag@wieers.com>
# Modified by Rok Papez <rok.papez@arnes.si>
#	     Bart De Schuymer <bdschuym@pandora.be>
# Adapted to Debian by Jan Christoph Nordholz <hesso@pool.math.tu-berlin.de>
#
# chkconfig: - 15 85
# description: Ethernet Bridge filtering tables
#
### BEGIN INIT INFO
# Provides:		ebtables
# Required-Start:
# Required-Stop:
# Should-Start:		$local_fs
# Should-Stop:		$local_fs
# Default-Start:	S
# Default-Stop:		0 1 6
# Short-Description:	ebtables ruleset management
# Description:		Saves and restores the state of the ebtables rulesets.
### END INIT INFO

. /lib/lsb/init-functions

test -f /sbin/ebtables || exit 0

EBTABLES_DUMPFILE_STEM=/etc/ebtables

RETVAL=0
prog="ebtables"
desc="Ethernet bridge filtering"
umask 0077

#default configuration
EBTABLES_MODULES_UNLOAD="yes"
EBTABLES_LOAD_ON_START="no"
EBTABLES_SAVE_ON_STOP="no"
EBTABLES_SAVE_ON_RESTART="no"
EBTABLES_SAVE_COUNTER="no"
EBTABLES_BACKUP_SUFFIX="~"

config=/etc/default/$prog
[ -f "$config" ] && . "$config"

function get_supported_tables() {
	EBTABLES_SUPPORTED_TABLES=
	/sbin/ebtables -t filter -L 2>&1 1>/dev/null | grep -q permission
	if [ $? -eq 0 ]; then
		log_failure_msg "Error: insufficient privileges to access the ebtables rulesets."
		exit 1
	fi
	for table in filter nat broute; do
		/sbin/ebtables -t $table -L &> /dev/null
		if [ $? -eq 0 ]; then
			EBTABLES_SUPPORTED_TABLES="${EBTABLES_SUPPORTED_TABLES} $table"
		fi
	done
}

function load() {
	RETVAL=0
	get_supported_tables
	log_daemon_msg "Restoring ebtables rulesets"
	for table in $EBTABLES_SUPPORTED_TABLES; do
		log_progress_msg "$table"
		if [ -s ${EBTABLES_DUMPFILE_STEM}.$table ]; then
			/sbin/ebtables -t $table --atomic-file ${EBTABLES_DUMPFILE_STEM}.$table --atomic-commit
			RET=$?
			if [ $RET -ne 0 ]; then
				log_progress_msg "(failed)"
				RETVAL=$RET
			fi
		else
			log_progress_msg "(no saved state)"
		fi
	done
	if [ -z "$EBTABLES_SUPPORTED_TABLES" ]; then
		log_progress_msg "no kernel support"
	else
		log_progress_msg "done"
	fi
	log_end_msg $RETVAL
}

function clear() {
	RETVAL=0
	get_supported_tables
	log_daemon_msg "Clearing ebtables rulesets"
	for table in $EBTABLES_SUPPORTED_TABLES; do
		log_progress_msg "$table"
		/sbin/ebtables -t $table --init-table
	done

	if [ "$EBTABLES_MODULES_UNLOAD" = "yes" ]; then
		for mod in $(grep -E '^(ebt|ebtable)_' /proc/modules | cut -d' ' -f1) ebtables; do
			rmmod $mod 2> /dev/null
		done
	fi
	if [ -z "$EBTABLES_SUPPORTED_TABLES" ]; then
		log_progress_msg "no kernel support"
	else
		log_progress_msg "done"
	fi
	log_end_msg $RETVAL
}

function save() {
	RETVAL=0
	get_supported_tables
	log_daemon_msg "Saving ebtables rulesets"
	for table in $EBTABLES_SUPPORTED_TABLES; do
		log_progress_msg "$table"
		[ -n "$EBTABLES_BACKUP_SUFFIX" ] && [ -s ${EBTABLES_DUMPFILE_STEM}.$table ] && \
		  mv ${EBTABLES_DUMPFILE_STEM}.$table ${EBTABLES_DUMPFILE_STEM}.$table$EBTABLES_BACKUP_SUFFIX
		/sbin/ebtables -t $table --atomic-file ${EBTABLES_DUMPFILE_STEM}.$table --atomic-save
		RET=$?
		if [ $RET -ne 0 ]; then
			log_progress_msg "(failed)"
			RETVAL=$RET
		else
			if [ "$EBTABLES_SAVE_COUNTER" = "no" ]; then
				/sbin/ebtables -t $table --atomic-file ${EBTABLES_DUMPFILE_STEM}.$table -Z
			fi
		fi
	done
	if [ -z "$EBTABLES_SUPPORTED_TABLES" ]; then
		log_progress_msg "no kernel support"
	else
		log_progress_msg "done"
	fi
	log_end_msg $RETVAL
}

case "$1" in
  start)
	[ "$EBTABLES_LOAD_ON_START" = "yes" ] && load
	;;
  stop)
	[ "$EBTABLES_SAVE_ON_STOP" = "yes" ] && save
	clear
	;;
  restart|reload|force-reload)
	[ "$EBTABLES_SAVE_ON_RESTART" = "yes" ] && save
	clear
	[ "$EBTABLES_LOAD_ON_START" = "yes" ] && load
	;;
  load)
	load
	;;
  save)
	save
	;;
  status)
	get_supported_tables
	if [ -z "$EBTABLES_SUPPORTED_TABLES" ]; then
		log_failure_msg "No kernel support for ebtables."
		RETVAL=1
	else
		log_daemon_msg "Ebtables support available, number of installed rules"
		for table in $EBTABLES_SUPPORTED_TABLES; do
			COUNT=$(( $(/sbin/ebtables -t $table -L | sed -e "/^Bridge chain/! d" -e "s/^.*entries: //" -e "s/,.*$/ +/") 0 ))
			log_progress_msg "$table($COUNT)"
		done
		log_end_msg 0
		RETVAL=0
	fi
	;;
  *)
	echo "Usage: $0 {start|stop|restart|reload|force-reload|load|save|status}" >&2
	RETVAL=1
esac

exit $RETVAL
[baseimage]: setup ebtables.service in buster image ebtables is not enabled by default in buster Signed-off-by: Guohan Lu <lguohan@gmail.com> 2020-02-03 19:46:52 -06:00			`#!/bin/bash`
			`#`
			`# init script for the Ethernet Bridge filter tables`
			`#`
			`# Written by Dag Wieers <dag@wieers.com>`
			`# Modified by Rok Papez <rok.papez@arnes.si>`
			`# Bart De Schuymer <bdschuym@pandora.be>`
			`# Adapted to Debian by Jan Christoph Nordholz <hesso@pool.math.tu-berlin.de>`
			`#`
			`# chkconfig: - 15 85`
			`# description: Ethernet Bridge filtering tables`
			`#`
			`### BEGIN INIT INFO`
			`# Provides: ebtables`
			`# Required-Start:`
			`# Required-Stop:`
			`# Should-Start: $local_fs`
			`# Should-Stop: $local_fs`
			`# Default-Start: S`
			`# Default-Stop: 0 1 6`
			`# Short-Description: ebtables ruleset management`
			`# Description: Saves and restores the state of the ebtables rulesets.`
			`### END INIT INFO`

			`. /lib/lsb/init-functions`

			`test -f /sbin/ebtables \|\| exit 0`

			`EBTABLES_DUMPFILE_STEM=/etc/ebtables`

			`RETVAL=0`
			`prog="ebtables"`
			`desc="Ethernet bridge filtering"`
			`umask 0077`

			`#default configuration`
			`EBTABLES_MODULES_UNLOAD="yes"`
			`EBTABLES_LOAD_ON_START="no"`
			`EBTABLES_SAVE_ON_STOP="no"`
			`EBTABLES_SAVE_ON_RESTART="no"`
			`EBTABLES_SAVE_COUNTER="no"`
			`EBTABLES_BACKUP_SUFFIX="~"`

			`config=/etc/default/$prog`
			`[ -f "$config" ] && . "$config"`

			`function get_supported_tables() {`
			`EBTABLES_SUPPORTED_TABLES=`
			`/sbin/ebtables -t filter -L 2>&1 1>/dev/null \| grep -q permission`
			`if [ $? -eq 0 ]; then`
			`log_failure_msg "Error: insufficient privileges to access the ebtables rulesets."`
			`exit 1`
			`fi`
			`for table in filter nat broute; do`
			`/sbin/ebtables -t $table -L &> /dev/null`
			`if [ $? -eq 0 ]; then`
			`EBTABLES_SUPPORTED_TABLES="${EBTABLES_SUPPORTED_TABLES} $table"`
			`fi`
			`done`
			`}`

			`function load() {`
			`RETVAL=0`
			`get_supported_tables`
			`log_daemon_msg "Restoring ebtables rulesets"`
			`for table in $EBTABLES_SUPPORTED_TABLES; do`
			`log_progress_msg "$table"`
			`if [ -s ${EBTABLES_DUMPFILE_STEM}.$table ]; then`
			`/sbin/ebtables -t $table --atomic-file ${EBTABLES_DUMPFILE_STEM}.$table --atomic-commit`
			`RET=$?`
			`if [ $RET -ne 0 ]; then`
			`log_progress_msg "(failed)"`
			`RETVAL=$RET`
			`fi`
			`else`
			`log_progress_msg "(no saved state)"`
			`fi`
			`done`
			`if [ -z "$EBTABLES_SUPPORTED_TABLES" ]; then`
			`log_progress_msg "no kernel support"`
			`else`
			`log_progress_msg "done"`
			`fi`
			`log_end_msg $RETVAL`
			`}`

			`function clear() {`
			`RETVAL=0`
			`get_supported_tables`
			`log_daemon_msg "Clearing ebtables rulesets"`
			`for table in $EBTABLES_SUPPORTED_TABLES; do`
			`log_progress_msg "$table"`
			`/sbin/ebtables -t $table --init-table`
			`done`

			`if [ "$EBTABLES_MODULES_UNLOAD" = "yes" ]; then`
			`for mod in $(grep -E '^(ebt\|ebtable)_' /proc/modules \| cut -d' ' -f1) ebtables; do`
			`rmmod $mod 2> /dev/null`
			`done`
			`fi`
			`if [ -z "$EBTABLES_SUPPORTED_TABLES" ]; then`
			`log_progress_msg "no kernel support"`
			`else`
			`log_progress_msg "done"`
			`fi`
			`log_end_msg $RETVAL`
			`}`

			`function save() {`
			`RETVAL=0`
			`get_supported_tables`
			`log_daemon_msg "Saving ebtables rulesets"`
			`for table in $EBTABLES_SUPPORTED_TABLES; do`
			`log_progress_msg "$table"`
			`[ -n "$EBTABLES_BACKUP_SUFFIX" ] && [ -s ${EBTABLES_DUMPFILE_STEM}.$table ] && \`
			`mv ${EBTABLES_DUMPFILE_STEM}.$table ${EBTABLES_DUMPFILE_STEM}.$table$EBTABLES_BACKUP_SUFFIX`
			`/sbin/ebtables -t $table --atomic-file ${EBTABLES_DUMPFILE_STEM}.$table --atomic-save`
			`RET=$?`
			`if [ $RET -ne 0 ]; then`
			`log_progress_msg "(failed)"`
			`RETVAL=$RET`
			`else`
			`if [ "$EBTABLES_SAVE_COUNTER" = "no" ]; then`
			`/sbin/ebtables -t $table --atomic-file ${EBTABLES_DUMPFILE_STEM}.$table -Z`
			`fi`
			`fi`
			`done`
			`if [ -z "$EBTABLES_SUPPORTED_TABLES" ]; then`
			`log_progress_msg "no kernel support"`
			`else`
			`log_progress_msg "done"`
			`fi`
			`log_end_msg $RETVAL`
			`}`

			`case "$1" in`
			`start)`
			`[ "$EBTABLES_LOAD_ON_START" = "yes" ] && load`
			`;;`
			`stop)`
			`[ "$EBTABLES_SAVE_ON_STOP" = "yes" ] && save`
			`clear`
			`;;`
			`restart\|reload\|force-reload)`
			`[ "$EBTABLES_SAVE_ON_RESTART" = "yes" ] && save`
			`clear`
			`[ "$EBTABLES_LOAD_ON_START" = "yes" ] && load`
			`;;`
			`load)`
			`load`
			`;;`
			`save)`
			`save`
			`;;`
			`status)`
			`get_supported_tables`
			`if [ -z "$EBTABLES_SUPPORTED_TABLES" ]; then`
			`log_failure_msg "No kernel support for ebtables."`
			`RETVAL=1`
			`else`
			`log_daemon_msg "Ebtables support available, number of installed rules"`
			`for table in $EBTABLES_SUPPORTED_TABLES; do`
			`COUNT=$(( $(/sbin/ebtables -t $table -L \| sed -e "/^Bridge chain/! d" -e "s/^.entries: //" -e "s/,.$/ +/") 0 ))`
			`log_progress_msg "$table($COUNT)"`
			`done`
			`log_end_msg 0`
			`RETVAL=0`
			`fi`
			`;;`
			`*)`
			`echo "Usage: $0 {start\|stop\|restart\|reload\|force-reload\|load\|save\|status}" >&2`
			`RETVAL=1`
			`esac`

			`exit $RETVAL`