authorDaniil Baturin <daniil@baturin.org>2018-04-20 01:17:31 +0700
committerGitHub <noreply@github.com>2018-04-20 01:17:31 +0700
commit212e6bf3a20567316bb3477c0f280505f0d8c709 (patch)
treef8817223ddb2908f7be2fb80b105a1634b6f646d
parent379cdf6aee9b1f034344e2f7befcde13291d8bef (diff)
parent7272364a23c9f00f17f719c1efee756d960e8984 (diff)
Merge pull request #11 from mtudosoiu/current
Task T35 - enable prune-deleted-sets for inet6 family firewall templates
-rwxr-xr-xscripts/firewall/vyatta-ipset.pl1
-rw-r--r--templates/firewall/ipv6-name/node.def10
2 files changed, 7 insertions, 4 deletions
diff --git a/scripts/firewall/vyatta-ipset.pl b/scripts/firewall/vyatta-ipset.pl
index e5b2fd1..65e0325 100755
--- a/scripts/firewall/vyatta-ipset.pl
+++ b/scripts/firewall/vyatta-ipset.pl
@@ -352,7 +352,6 @@ sub prune_deleted_sets {
my $type = $group->get_type();
my $family = $group->get_family();
($family eq 'inet') ? $cfg->setLevel("firewall group $type-group") : $cfg->setLevel("firewall group ipv6-$type-group");
- $cfg->setLevel("firewall group $type-group");
next if ($cfg->isEffective($set)); # don't prune if still in config
my $rc;
$rc = ipset_delete($set);
diff --git a/templates/firewall/ipv6-name/node.def b/templates/firewall/ipv6-name/node.def
index e7e1167..2e20b9a 100644
--- a/templates/firewall/ipv6-name/node.def
+++ b/templates/firewall/ipv6-name/node.def
@@ -14,17 +14,21 @@ syntax:expression: ! pattern $VAR(@) "^VZONE" ; \
end: if sudo /opt/vyatta/sbin/vyatta-firewall.pl --update-rules "firewall ipv6-name" "$VAR(@)" ;
then
- if [ ${COMMIT_ACTION} = 'DELETE' ] ;
+ if [ ${COMMIT_ACTION} = 'DELETE' ] ;
then
if sudo /opt/vyatta/sbin/vyatta-firewall.pl --teardown-ok "firewall ipv6-name" ;
then
- sudo /opt/vyatta/sbin/vyatta-firewall.pl --teardown "firewall ipv6-name"
+ if sudo /opt/vyatta/sbin/vyatta-firewall.pl --teardown "firewall ipv6-name"; then
+ ${vyatta_sbindir}/vyatta-firewall-trap.pl --level="firewall ipv6-name $VAR(@)"
+ fi
fi
+ else
+ ${vyatta_sbindir}/vyatta-firewall-trap.pl --level="firewall ipv6-name $VAR(@)"
fi
else
exit 1;
fi
- ${vyatta_sbindir}/vyatta-firewall-trap.pl --level="firewall ipv6-name $VAR(@)"
+ sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=prune-deleted-sets
create: sudo /opt/vyatta/sbin/vyatta-firewall.pl --setup ip6tables "firewall ipv6-name"
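Review bot: The added `if sudo /opt/vyatta/sbin/vyatta-firewall.pl --teardown "firewall ipv6-name"; then` has no `else`, so a failed teardown is silent: the trap script is skipped and control falls through to the new `vyatta-ipset.pl --action=prune-deleted-sets` line. Because that prune call is now the last command of the `end:` block, its exit status presumably becomes the result of the action, so the IPv6 rules could stay loaded while the commit reports success. Consider an explicit failure branch such as `else exit 1` before the inner `fi`, matching the existing `exit 1` for a failed `--update-rules`. It is also worth deciding whether a prune failure should fail the commit or be deliberately ignored. Separately, `${COMMIT_ACTION}` in the re-added test line is unquoted; `[ "${COMMIT_ACTION}" = 'DELETE' ]` avoids a `[` syntax error when the variable is empty.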