Hello everyone,
I'm a Perl beginner and I've been trying for a while to to insert an array
in to the middle of another array after a certain pattern.
Here is what I'm trying to do...I have the Linux Iptables configuration
file, which has a custom chain called MAC which hold all the IP to MAC
entries mappings. Since I update the list manually, I usually end up with IP
addresses here and there...I managed to put all the sorted IP to MAC entries
on a seperate array, and then remove all the MAC entries from the original
file...So what I basically need to do is insert the sorted iptables array
between the INPUT and OUTPUT chains. Here is a sample output of the array,
when all MAC entries are removed...
# Generated by iptables-save v1.3.0 on Wed Jan 17 10:35:18 2007
*filter
:FORWARD DROP [7:336]
:INPUT DROP [11:904]
:MAC - [0:0]
:OUTPUT DROP [7:7994]
-A FORWARD -p icmp -j ACCEPT
-A FORWARD -s 192.168.0.222 -j ACCEPT
-A FORWARD -s 192.168.0.25 -j ACCEPT
-A FORWARD -s 192.168.0.15 -j ACCEPT
-A FORWARD -s 192.168.0.74 -j ACCEPT
-A FORWARD -s 192.168.0.33 -j ACCEPT
-A FORWARD -s 192.168.0.247 -j ACCEPT
-A FORWARD -s 192.168.0.36 -j ACCEPT
-A FORWARD -s 192.168.0.17 -j ACCEPT
-A FORWARD -s 192.168.0.182 -j ACCEPT
-A FORWARD -s 192.168.0.99 -j ACCEPT
-A FORWARD -s 192.168.0.97 -p tcp --dport 9099 -j ACCEPT
-A FORWARD -s 192.168.0.18 -p tcp -m tcp --dport 21 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 22 -j MAC
-A FORWARD -p udp -m udp --dport 53 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 110 -j MAC
-A FORWARD -p tcp -m tcp --dport 6346 -j ACCEPT
-A FORWARD -s 192.168.0.204 -p tcp -m tcp --dport 21 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 22 -j MAC
-A FORWARD -p tcp -m tcp --dport 6667 -j MAC
-A FORWARD -s 192.168.0.204 -p tcp -m tcp --dport 995 -j MAC
-A FORWARD -s 192.168.0.204 -p tcp -m tcp --dport 465 -j MAC
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth1 -p icmp -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 22 -j MAC
-A INPUT -p tcp -m tcp --dport 25 -j MAC
-A INPUT -i eth1 -p tcp -m tcp --dport 8080 -j MAC
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -p icmp -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 22 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 2020 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 2082 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 2802 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 8080 -j ACCEPT
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 23 -j ACCEPT
COMMIT
# Completed on Wed Jan 17 10:35:18 2007
# Generated by iptables-save v1.3.0 on Wed Jan 17 10:35:18 2007
*nat
:OUTPUT ACCEPT [9:8239]
:POSTROUTING ACCEPT [2:245]
:PREROUTING ACCEPT [53:5377]
-A POSTROUTING -s 192.168.0.0/255.255.255.0 -o eth2 -j SNAT --to-source
202.21.179.2
COMMIT
# Completed on Wed Jan 17 10:35:18 2007
and here is the code I wrote:
#!/usr/bin/perl -w
use strict ;
my $file = "iptables.bac" ;
my @sorted_list ;
my %barrel ;
my $item = 0 ;
open IPTABLES, $file
or die "Could not open '$file': $!\n" ;
my @content = <IPTABLES> ;
foreach (@content) {
if (/.*-A MAC/) {
my @chunks = split ;
my $last_octet = $chunks[3] ;
$last_octet =~ s/^.*\.// ;
$barrel{$last_octet} = $_ ;
}
}
foreach (sort { $a <=> $b } keys %barrel) {
push @sorted_list, $barrel{$_} ;
}
foreach (@content) {
s/.*-A MAC.*\n$// ;
}
print @content ;
Can someone please help me...Thank you in advance...!
--
Typos
FourThirty Inc.
Domain Administrator
