mirror of
https://github.com/OpenNebula/one.git
synced 2025-01-11 05:17:41 +03:00
94 lines
3.5 KiB
Ruby
Executable File
94 lines
3.5 KiB
Ruby
Executable File
#!/usr/bin/env ruby
|
|
|
|
# -------------------------------------------------------------------------- #
|
|
# Copyright 2002-2011, OpenNebula Project Leads (OpenNebula.org) #
|
|
# #
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may #
|
|
# not use this file except in compliance with the License. You may obtain #
|
|
# a copy of the License at #
|
|
# #
|
|
# http://www.apache.org/licenses/LICENSE-2.0 #
|
|
# #
|
|
# Unless required by applicable law or agreed to in writing, software #
|
|
# distributed under the License is distributed on an "AS IS" BASIS, #
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
|
|
# See the License for the specific language governing permissions and #
|
|
# limitations under the License. #
|
|
#--------------------------------------------------------------------------- #
|
|
|
|
#------------------------------------------------------------------------------
|
|
# Configuration Options for the script. Change it to fit your installation
|
|
#------------------------------------------------------------------------------
|
|
CONF = {
|
|
:ebtables => "sudo /sbin/ebtables",
|
|
:brctl => "/usr/sbin/brctl"
|
|
}
|
|
#------------------------------------------------------------------------------
|
|
|
|
RULE_TYPES=[
|
|
/-i ([\w\.\-]+) /,
|
|
/-o ([\w\.\-]+) /
|
|
]
|
|
|
|
#------------------------------------------------------------------------------
|
|
# Applies a given rule to the ebtables
|
|
#------------------------------------------------------------------------------
|
|
def deactivate(rule)
|
|
system "#{CONF[:ebtables]} -D #{rule}"
|
|
end
|
|
#------------------------------------------------------------------------------
|
|
|
|
#------------------------------------------------------------------------------
|
|
# Gets the interfaces attached to a given bridge
|
|
#------------------------------------------------------------------------------
|
|
def get_interfaces
|
|
brctl_exit =`#{CONF[:brctl]} show`
|
|
brctl_exit.split("\n")[1..-1].collect{|l| l.split.last }
|
|
end
|
|
#------------------------------------------------------------------------------
|
|
|
|
#------------------------------------------------------------------------------
|
|
# Gets the interfaces attached to a given bridge
|
|
#------------------------------------------------------------------------------
|
|
def get_rules
|
|
rules = Array.new
|
|
|
|
RULE_TYPES.each do |reg|
|
|
ebtables_exit = `#{CONF[:ebtables]} -L FORWARD`
|
|
|
|
rules << ebtables_exit.split("\n")[3..-1].collect do |l|
|
|
line = l.strip
|
|
m = line.match(reg)
|
|
|
|
if m
|
|
interface=m[1]
|
|
{
|
|
:interface => interface,
|
|
:rule => line
|
|
}
|
|
else
|
|
nil
|
|
end
|
|
end.compact
|
|
end
|
|
|
|
rules.flatten
|
|
end
|
|
|
|
###############################################################################
|
|
# Main
|
|
###############################################################################
|
|
|
|
# on "done", it waits a bit until the tap is detached from the bridge
|
|
sleep 1
|
|
|
|
interfaces = get_interfaces
|
|
all_rules = get_rules
|
|
|
|
all_rules.each do |rule|
|
|
if !interfaces.include?(rule[:interface])
|
|
deactivate("FORWARD #{rule[:rule]}")
|
|
end
|
|
end
|
|
|