author | Marian Tudosoiu <marian.tudosoiu@1and1.ro> | 2018-04-19 10:57:25 +0300 |
---|---|---|
committer | Marian Tudosoiu <marian.tudosoiu@1and1.ro> | 2018-04-19 10:57:25 +0300 |
commit | 7272364a23c9f00f17f719c1efee756d960e8984 (patch) | |
tree | 603fb3908c07f90c77e3cbfe28ed6f407bd98c71 | |
parent | f6e4c60702f810cc06449782f64c7e5a7e20abb2 (diff) | |
download | vyatta-cfg-firewall-7272364a23c9f00f17f719c1efee756d960e8984.tar.gz vyatta-cfg-firewall-7272364a23c9f00f17f719c1efee756d960e8984.zip |
Task T35 - enable prune-deleted-sets for inet6 family firewall templates
-rwxr-xr-x | scripts/firewall/vyatta-ipset.pl | 1 | ||||
-rw-r--r-- | templates/firewall/ipv6-name/node.def | 10 |
2 files changed, 7 insertions, 4 deletions
diff --git a/scripts/firewall/vyatta-ipset.pl b/scripts/firewall/vyatta-ipset.pl index e5b2fd1..65e0325 100755 --- a/scripts/firewall/vyatta-ipset.pl +++ b/scripts/firewall/vyatta-ipset.pl @@ -352,7 +352,6 @@ sub prune_deleted_sets { my $type = $group->get_type(); my $family = $group->get_family(); ($family eq 'inet') ? $cfg->setLevel("firewall group $type-group") : $cfg->setLevel("firewall group ipv6-$type-group"); - $cfg->setLevel("firewall group $type-group"); next if ($cfg->isEffective($set)); # don't prune if still in config my $rc; $rc = ipset_delete($set); diff --git a/templates/firewall/ipv6-name/node.def b/templates/firewall/ipv6-name/node.def index e7e1167..2e20b9a 100644 --- a/templates/firewall/ipv6-name/node.def +++ b/templates/firewall/ipv6-name/node.def @@ -14,17 +14,21 @@ syntax:expression: ! pattern $VAR(@) "^VZONE" ; \ end: if sudo /opt/vyatta/sbin/vyatta-firewall.pl --update-rules "firewall ipv6-name" "$VAR(@)" ; then - if [ ${COMMIT_ACTION} = 'DELETE' ] ; + if [ ${COMMIT_ACTION} = 'DELETE' ] ; then if sudo /opt/vyatta/sbin/vyatta-firewall.pl --teardown-ok "firewall ipv6-name" ; then - sudo /opt/vyatta/sbin/vyatta-firewall.pl --teardown "firewall ipv6-name" + if sudo /opt/vyatta/sbin/vyatta-firewall.pl --teardown "firewall ipv6-name"; then + ${vyatta_sbindir}/vyatta-firewall-trap.pl --level="firewall ipv6-name $VAR(@)" + fi fi + else + ${vyatta_sbindir}/vyatta-firewall-trap.pl --level="firewall ipv6-name $VAR(@)" fi else exit 1; fi - ${vyatta_sbindir}/vyatta-firewall-trap.pl --level="firewall ipv6-name $VAR(@)" + sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=prune-deleted-sets create: sudo /opt/vyatta/sbin/vyatta-firewall.pl --setup ip6tables "firewall ipv6-name" |
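Review bot: In prune_deleted_sets every family value other than 'inet' now selects the `ipv6-$type-group` level, so an undefined or unexpected return from get_family() would make the isEffective() check look in the wrong subtree, and a set that is still configured could reach ipset_delete(). Guarding first with `next unless defined $family && $family =~ /\Ainet6?\z/;` keeps unknown families from being pruned. The ternary is also used in void context purely for its side effects; `$cfg->setLevel($family eq 'inet' ? "firewall group $type-group" : "firewall group ipv6-$type-group");` states the intent more directly. The body of prune_deleted_sets starts and ends outside this hunk, so how get_family() behaves on a failed lookup should be confirmed there.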
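Review bot: A failed `--teardown` in the DELETE branch only skips the trap call: the new inner `if` has no `else exit 1`, and the prune step still runs, so the commit can apparently succeed while ip6tables state for the deleted rule set is left in place. Adding `else exit 1` on that inner `if` would mirror the existing `--update-rules` failure path. The rewritten test `[ ${COMMIT_ACTION} = 'DELETE' ]` is still unquoted and breaks when the variable is empty; `[ "${COMMIT_ACTION}" = 'DELETE' ]` is safer. The added `sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=prune-deleted-sets` is now the last command in `end:`, so its exit status probably becomes the result of the block; a short comment should say whether a prune failure is meant to fail the commit.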