authorAn-Cheng Huang <ancheng@vyatta.com>2008-02-29 16:00:59 -0800
committerAn-Cheng Huang <ancheng@vyatta.com>2008-02-29 16:00:59 -0800
commitfff71d55997d8e2840f08c12b4e15bb09f7e0806 (patch)
treea4fa4b6c50778134293d5d16b45ba93a208c47c8
parent368e5464188b61427e9bb7998c5694671a4d949e (diff)
downloadvyatta-cfg-firewall-fff71d55997d8e2840f08c12b4e15bb09f7e0806.tar.gz
vyatta-cfg-firewall-fff71d55997d8e2840f08c12b4e15bb09f7e0806.zip
fix a problem in the interaction between "firewall" and "interfaces".
-rwxr-xr-xscripts/firewall/vyatta-firewall.pl12
1 files changed, 9 insertions, 3 deletions
diff --git a/scripts/firewall/vyatta-firewall.pl b/scripts/firewall/vyatta-firewall.pl
index 35813f0..6d7af05 100755
--- a/scripts/firewall/vyatta-firewall.pl
+++ b/scripts/firewall/vyatta-firewall.pl
@@ -109,8 +109,7 @@ sub update_rules() {
# we could delete rule one by one if those are important.
system("$logger Running: iptables -F $name");
system("iptables -F $name 2>&1 | $logger");
- system("$logger Running: iptables -A $name -j DROP");
- system("iptables -A $name -j DROP 2>&1 | $logger");
+ add_default_drop_rule($name);
next;
}
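Review bot: Between `iptables -F $name` and the `add_default_drop_rule($name)` call the chain is empty, so traffic through a chain that is still referenced returns to the calling chain for a moment instead of being dropped; the new else branch in delete_chain has the same flush-then-append order. Whether that window matters depends on what the calling chain does next, which is not visible here. The replacement also drops the `Running: iptables -A $name -j DROP` line the old code wrote to the log, so this path now records the flush but not the re-added DROP; consider logging inside the helper. update_rules starts and ends outside this hunk.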
@@ -340,6 +339,11 @@ sub setup_iptables() {
return 0;
}
+sub add_default_drop_rule {
+ my $chain = shift;
+ system("iptables -A $chain -j DROP 2>&1 | $logger");
+}
+
sub setup_chain($) {
my $chain = shift;
my $configured = `iptables -n -L $chain 2>&1 | head -1`;
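Review bot: add_default_drop_rule discards the result of `system()`, and because the command is piped into `$logger` the status would be the logger's rather than iptables' anyway, so a failed append of the default DROP goes unnoticed and the chain is left without its deny rule. setup_chain calls the helper only when the chain is first created, so a failure there is not retried on later runs. `$chain` is also interpolated into a shell string; if chain names are not validated before they reach this script (not visible in this hunk), the list form avoids shell parsing and reports iptables' own status: `system('iptables', '-A', $chain, '-j', 'DROP') == 0 || die "iptables error: $chain -A DROP: $?\n";`. That form no longer sends stderr to `$logger`, so the failure message would need to be logged separately. setup_chain continues past the end of this hunk.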
@@ -347,7 +351,7 @@ sub setup_chain($) {
$_ = $configured;
if (!/^Chain $chain/) {
system("iptables --new-chain $chain 2>&1 | $logger") == 0 || die "iptables error: $chain --new-chain: $?\n";
- system("iptables -A $chain -j DROP 2>&1 | $logger");
+ add_default_drop_rule($chain);
}
}
@@ -370,6 +374,8 @@ sub delete_chain($) {
system("iptables --flush $chain 2>&1 | $logger") == 0 || die "iptables error: $chain --flush: $?\n";
if (!chain_referenced($chain)) {
system("iptables --delete-chain $chain 2>&1 | $logger") == 0 || die "iptables error: $chain --delete-chain: $?\n";
+ } else {
+ add_default_drop_rule($chain);
}
}
}
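Review bot: The new else branch in delete_chain has no comment explaining why a flushed chain gets a DROP appended, and the commit message does not say either. A short comment such as `# chain is still referenced, so it stays in place; keep it default-deny rather than empty` would record the intent. That reason is inferred from the `chain_referenced($chain)` test, so confirm it matches the "interfaces" interaction the commit fixes. delete_chain starts outside this hunk.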