author | Gaurav Sinha <gaurav.sinha@vyatta.com> | 2012-11-19 10:24:25 -0800 |
---|---|---|
committer | Gaurav Sinha <gaurav.sinha@vyatta.com> | 2012-11-19 12:32:01 -0800 |
commit | 0e1b6d26640898dbe2d27de52fbb3276502317d2 (patch) | |
tree | bcf9e0e6afb3b2cbaf929540bb7dfd4923322396 | |
parent | 5bfb8101f94bac5280e27169617cad54f16b279d (diff) | |
added reset all groups functions
(cherry picked from commit b090e8cf73480ba6bbf967bf1fbd8f59e1a8843d)
Conflicts:
scripts/firewall/vyatta-ipset.pl
(cherry picked from commit 2c2cd1aef9eada852084ecebb3c76e468cc56a2a)
-rwxr-xr-x | lib/Vyatta/IpTables/IpSet.pm | 23 | ||||
-rwxr-xr-x | scripts/firewall/vyatta-ipset.pl | 1 |
2 files changed, 18 insertions, 6 deletions
diff --git a/lib/Vyatta/IpTables/IpSet.pm b/lib/Vyatta/IpTables/IpSet.pm
index 089a3b8..5c4b6ce 100755
--- a/lib/Vyatta/IpTables/IpSet.pm
+++ b/lib/Vyatta/IpTables/IpSet.pm
@@ -214,13 +214,11 @@ sub flush {
 sub rebuild_ipset() {
 my ($self) = @_;
- print "rebuilding ipset\n";
 my $name = $self->{_name};
 my $type = $self->{_type};
 my $config = new Vyatta::Config;
 my @members = $config->returnOrigValues("firewall group $type-group $name $type");
- print "firewall group $type-group $name @members\n";
 # go through the firewall group config with this name,
 my $member;
 foreach $member (@members) {
@@ -231,7 +229,6 @@ sub rebuild_ipset() {
 sub reset_ipset_named {
 my ($self) = @_;
 my $name = $self->{_name};
- print "reset ipset group $name\n";
 # flush the ipset group first, then re-build the group from configuration
 $self->flush();
@@ -239,14 +236,30 @@ sub reset_ipset_named {
 }
 sub reset_ipset_all {
- print "reset all ipset rules\n";
+ my $config = new Vyatta::Config;
+ my @pgroups = $config->listOrigNodes("firewall group port-group");
+ my @adgroups = $config->listOrigNodes("firewall group address-group");
+ my @nwgroups = $config->listOrigNodes("firewall group network-group");
+ my $group;
+
+ foreach $group (@pgroups) {
+ my $grp = new Vyatta::IpTables::IpSet($group, "port");
+ $grp->reset_ipset_named();
+ }
+ foreach $group (@adgroups) {
+ my $grp = new Vyatta::IpTables::IpSet($group, "address");
+ $grp->reset_ipset_named();
+ }
+ foreach $group (@nwgroups) {
+ my $grp = new Vyatta::IpTables::IpSet($group, "network");
+ $grp->reset_ipset_named();
+ }
 }
 sub reset_ipset { # main function to do the reset operation
 my ($self) = @_;
 my $name = $self->{_name};
- print "type reset_ipset: $self->{_type}\n";
 my $lockcmd = "touch $lockfile";
 my $unlockcmd = "rm -f $lockfile";
diff --git a/scripts/firewall/vyatta-ipset.pl b/scripts/firewall/vyatta-ipset.pl
index 986ad13..99ae085 100755
--- a/scripts/firewall/vyatta-ipset.pl
+++ b/scripts/firewall/vyatta-ipset.pl
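Review bot: In `reset_ipset_all` (lib/Vyatta/IpTables/IpSet.pm) the result of every `$grp->reset_ipset_named()` call is discarded, so a group that was flushed but not rebuilt stays empty and nothing reports it. On a firewall that is a silent policy change: rules that match on the group stop matching any port, address or network until a later rebuild succeeds. If `reset_ipset_named` can signal failure (its body ends outside the hunk, so the return convention is an assumption), collect it per group, e.g. `my $err = $grp->reset_ipset_named(); push @errs, "$group: $err" if defined $err;`, and hand the collected errors back to the caller. The three loops differ only in the type string and could be a single loop over `qw(port address network)`.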
@@ -317,7 +317,6 @@ GetOptions("action=s" => \$action,
 die "undefined action" if ! defined $action;
 my $rc;
-print "type is $set_type\n";
 $rc = ipset_reset($set_name, $set_type) if $action eq 'reset-set';
 $rc = ipset_create($set_name, $set_type) if $action eq 'create-set'; |