author | root <root@eng-dhcp-191.vyatta.com> | 2012-11-16 17:12:56 -0800 |
---|---|---|
committer | root <root@eng-dhcp-191.vyatta.com> | 2012-11-16 17:12:56 -0800 |
commit | 8f8cc0d72da9f82e0455959658e2cf153ce61902 (patch) | |
tree | 0746c1a48b0f2a09b6f603effce9000f4af2e9a2 | |
parent | 6b7808bf6c8dd9d1d9e993969358db2be135beff (diff) | |
added reset all groups functions
-rwxr-xr-x | lib/Vyatta/IpTables/IpSet.pm | 23 | ||||
-rwxr-xr-x | scripts/firewall/vyatta-ipset.pl | 2 |
2 files changed, 18 insertions, 7 deletions
diff --git a/lib/Vyatta/IpTables/IpSet.pm b/lib/Vyatta/IpTables/IpSet.pm
index aec1987..94fb78d 100755
--- a/lib/Vyatta/IpTables/IpSet.pm
+++ b/lib/Vyatta/IpTables/IpSet.pm
@@ -214,13 +214,11 @@ sub flush {
 sub rebuild_ipset() {
 my ($self) = @_;
- print "rebuilding ipset\n";
 my $name = $self->{_name};
 my $type = $self->{_type};
 my $config = new Vyatta::Config;
 my @members = $config->returnOrigValues("firewall group $type-group $name $type");
- print "firewall group $type-group $name @members\n";
 # go through the firewall group config with this name,
 my $member;
 foreach $member (@members) {
@@ -231,7 +229,6 @@ sub rebuild_ipset() {
 sub reset_ipset_named {
 my ($self) = @_;
 my $name = $self->{_name};
- print "reset ipset group $name\n";
 # flush the ipset group first, then re-build the group from configuration
 $self->flush();
@@ -239,14 +236,30 @@ sub reset_ipset_named {
 }
 sub reset_ipset_all {
- print "reset all ipset rules\n";
+ my $config = new Vyatta::Config;
+ my @pgroups = $config->listOrigNodes("firewall group port-group");
+ my @adgroups = $config->listOrigNodes("firewall group address-group");
+ my @nwgroups = $config->listOrigNodes("firewall group network-group");
+ my $group;
+
+ foreach $group (@pgroups) {
+ my $grp = new Vyatta::IpTables::IpSet($group, "port");
+ $grp->reset_ipset_named();
+ }
+ foreach $group (@adgroups) {
+ my $grp = new Vyatta::IpTables::IpSet($group, "address");
+ $grp->reset_ipset_named();
+ }
+ foreach $group (@nwgroups) {
+ my $grp = new Vyatta::IpTables::IpSet($group, "network");
+ $grp->reset_ipset_named();
+ }
 }
 sub reset_ipset { # main function to do the reset operation
 my ($self) = @_;
 my $name = $self->{_name};
- print "type reset_ipset: $self->{_type}\n";
 my $lockcmd = "touch $lockfile";
 my $unlockcmd = "rm -f $lockfile";
diff --git a/scripts/firewall/vyatta-ipset.pl b/scripts/firewall/vyatta-ipset.pl
index e3a1dcd..eaa55a3 100755
--- a/scripts/firewall/vyatta-ipset.pl
+++ b/scripts/firewall/vyatta-ipset.pl
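Review bot: In `reset_ipset_all` (lib/Vyatta/IpTables/IpSet.pm) the result of every `$grp->reset_ipset_named()` call is dropped and the sub has no `return`, so a group that was flushed but could not be rebuilt is left empty or partly filled and the caller is never told; any firewall rule that matches on that set then quietly stops matching. The three loops differ only in the type string, so they can be folded into one loop over `port`, `address` and `network` that remembers the first failure and returns it, as sketched below. The sketch assumes `reset_ipset_named` returns undef on success and an error string otherwise, which this hunk does not show and should be confirmed, as should whether this sub always runs under the lockfile that `reset_ipset` sets up just below it.

```perl
sub reset_ipset_all {
  my $config = Vyatta::Config->new();
  my $first_err;

  # One pass per group type instead of three copies of the same loop.
  foreach my $type (qw(port address network)) {
    foreach my $name ($config->listOrigNodes("firewall group $type-group")) {
      my $grp = Vyatta::IpTables::IpSet->new($name, $type);
      my $err = $grp->reset_ipset_named();
      # Keep resetting the remaining groups, but remember the first failure.
      $first_err = $err if defined($err) && !defined($first_err);
    }
  }
  return $first_err;
}
```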
@@ -73,7 +73,6 @@ sub ipset_add_member {
 die "Error: undefined member" if ! defined $member;
 my $group = new Vyatta::IpTables::IpSet($set_name);
- print "$member alias:$alias\n";
 return $group->add_member($member, $alias);
 }
@@ -307,7 +306,6 @@ GetOptions("action=s" => \$action,
 die "undefined action" if ! defined $action;
 my $rc;
-print "type is $set_type\n";
 $rc = ipset_reset($set_name, $set_type) if $action eq 'reset-set';
 $rc = ipset_create($set_name, $set_type) if $action eq 'create-set'; |