diff options
| author | Marian Tudosoiu <marian.tudosoiu@1and1.ro> | 2018-03-14 10:27:25 +0200 |
|---|---|---|
| committer | Marian Tudosoiu <marian.tudosoiu@1and1.ro> | 2018-03-14 10:27:25 +0200 |
| commit | 65410961b33a072addf91dce7879f6a734aa2187 (patch) | |
| tree | 54fe57581540f2e0f21573dfecd8d73f7dd3c9dd | |
| parent | 4e3ea201d7902d9a0641bbecf42d7e837595e01b (diff) | |
| download | vyatta-cfg-firewall-65410961b33a072addf91dce7879f6a734aa2187.tar.gz vyatta-cfg-firewall-65410961b33a072addf91dce7879f6a734aa2187.zip | |
Task T35 change to place ipv6 address-groups and network groups under group config tree
10 files changed, 12 insertions, 9 deletions
diff --git a/scripts/firewall/vyatta-ipset.pl b/scripts/firewall/vyatta-ipset.pl index f18237d..0f7f731 100755 --- a/scripts/firewall/vyatta-ipset.pl +++ b/scripts/firewall/vyatta-ipset.pl @@ -252,7 +252,7 @@ sub ipset_is_group_defined { die "Error: undefined set_type\n" if ! defined $set_type; die "Error: undefined set_family\n" if ! defined $set_family; - my $gpath = ($set_family eq 'inet') ? "firewall ipv6-group $set_type-group" : "firewall group $set_type-group"; + my $gpath = ($set_family eq 'inet') ? "firewall group ipv6-$set_type-group" : "firewall group $set_type-group"; my @groups = $cfg->listOrigNodes($gpath); my $group; foreach $group (@groups) { @@ -267,7 +267,7 @@ sub update_set { my ($set_name, $set_type, $set_family) = @_; my $cfg = new Vyatta::Config; my ($rc, $newset); - my $cpath = ($set_family eq 'inet') ? "firewall group $set_type-group $set_name" : "firewall ipv6-group $set_type-group $set_name"; + my $cpath = ($set_family eq 'inet') ? "firewall group $set_type-group $set_name" : "firewall group ipv6-$set_type-group $set_name"; if ($cfg->existsOrig($cpath)) { if (!$cfg->exists($cpath)) { # deleted diff --git a/templates/firewall/ipv6-group/address-group/node.def b/templates/firewall/group/ipv6-address-group/node.def index b61f784..7ce50d2 100644 --- a/templates/firewall/ipv6-group/address-group/node.def +++ b/templates/firewall/group/ipv6-address-group/node.def @@ -21,5 +21,5 @@ syntax:expression: exec "/opt/vyatta/sbin/vyatta-ipset.pl --action=is-group-defi end: if sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=update-set \ --set-name="$VAR(@)" --set-type=address --set-family=inet6; then - ${vyatta_sbindir}/vyatta-firewall-trap.pl --level="firewall group address-group $VAR(@)" + ${vyatta_sbindir}/vyatta-firewall-trap.pl --level="firewall group ipv6-address-group $VAR(@)" fi diff --git a/templates/firewall/ipv6-group/address-group/node.tag/address/node.def b/templates/firewall/group/ipv6-address-group/node.tag/address/node.def index ba944e6..ba944e6 100644 --- a/templates/firewall/ipv6-group/address-group/node.tag/address/node.def +++ b/templates/firewall/group/ipv6-address-group/node.tag/address/node.def diff --git a/templates/firewall/group/ipv6-address-group/node.tag/description/node.def b/templates/firewall/group/ipv6-address-group/node.tag/description/node.def new file mode 100644 index 0000000..f630483 --- /dev/null +++ b/templates/firewall/group/ipv6-address-group/node.tag/description/node.def @@ -0,0 +1,2 @@ +type: txt +help: IPv6 Address-group description
\ No newline at end of file diff --git a/templates/firewall/ipv6-group/network-group/node.def b/templates/firewall/group/ipv6-network-group/node.def index 90383c2..299b8cc 100644 --- a/templates/firewall/ipv6-group/network-group/node.def +++ b/templates/firewall/group/ipv6-network-group/node.def @@ -15,7 +15,11 @@ syntax:expression: pattern $VAR(@) "^[^!]" ; \ syntax:expression: pattern $VAR(@) "^[^|;&$<>]*$" ; \ "Firewall group name cannot contain shell punctuation" +syntax:expression: exec "/opt/vyatta/sbin/vyatta-ipset.pl --action=is-group-defined --set-name=$VAR(@) \ + --set-type=network --set-family=inet6"; \ + "Firewall group name already used as Ipv6 group address" + end: if sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=update-set \ --set-name="$VAR(@)" --set-type=network --set-family=inet6; then - ${vyatta_sbindir}/vyatta-firewall-trap.pl --level="firewall ipv6-group network-group $VAR(@)" + ${vyatta_sbindir}/vyatta-firewall-trap.pl --level="firewall group ipv6-network-group $VAR(@)" fi diff --git a/templates/firewall/group/ipv6-network-group/node.tag/description/node.def b/templates/firewall/group/ipv6-network-group/node.tag/description/node.def new file mode 100644 index 0000000..cc905df --- /dev/null +++ b/templates/firewall/group/ipv6-network-group/node.tag/description/node.def @@ -0,0 +1,2 @@ +type: txt +help: IPv6-network-group description diff --git a/templates/firewall/ipv6-group/network-group/node.tag/network/node.def b/templates/firewall/group/ipv6-network-group/node.tag/network/node.def index 879a164..879a164 100644 --- a/templates/firewall/ipv6-group/network-group/node.tag/network/node.def +++ b/templates/firewall/group/ipv6-network-group/node.tag/network/node.def diff --git a/templates/firewall/ipv6-group/address-group/node.tag/description/node.def b/templates/firewall/ipv6-group/address-group/node.tag/description/node.def deleted file mode 100644 index 032553a..0000000 --- a/templates/firewall/ipv6-group/address-group/node.tag/description/node.def +++ /dev/null @@ -1,2 +0,0 @@ -type: txt -help: IPv6 Address-group description diff --git a/templates/firewall/ipv6-group/network-group/node.tag/description/node.def b/templates/firewall/ipv6-group/network-group/node.tag/description/node.def deleted file mode 100644 index 52bb8e4..0000000 --- a/templates/firewall/ipv6-group/network-group/node.tag/description/node.def +++ /dev/null @@ -1,2 +0,0 @@ -type: txt -help: Network-group description diff --git a/templates/firewall/ipv6-group/node.def b/templates/firewall/ipv6-group/node.def deleted file mode 100644 index 3c87f34..0000000 --- a/templates/firewall/ipv6-group/node.def +++ /dev/null @@ -1 +0,0 @@ -help: IPv6 Firewall group |