author | Gaurav Sinha <gaurav.sinha@vyatta.com> | 2012-08-22 17:39:06 -0700 |
---|---|---|
committer | Gaurav Sinha <gaurav.sinha@vyatta.com> | 2012-08-22 17:39:06 -0700 |
commit | b77b60b9c9d7d20361ba9dddb2946a2a9d351dc8 (patch) | |
tree | 98bf1687e3643bfd74599c140c25bebf32ea4bf2 | |
parent | efdcd39a9b06ac5e45583a4e5eb00ae8ae480337 (diff) | |
parent | 80daa728571c59789ebf8b22992292d74de6096f (diff) | |
Merge branch 'pacifica' of git.vyatta.com:/git/vyatta-cfg-firewall into pacifica
-rw-r--r-- | debian/changelog | 28 | ||||
-rw-r--r-- | debian/vyatta-cfg-firewall.install | 1 | ||||
-rwxr-xr-x | gen-interface-templates.pl | 10 | ||||
-rw-r--r-- | scripts/firewall/firewall.init.in | 12 |
4 files changed, 39 insertions, 12 deletions
diff --git a/debian/changelog b/debian/changelog
index 993db4e..20148ab 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,31 @@
+vyatta-cfg-firewall (0.13.81) unstable; urgency=low
+
+ * Bugfix 8271: Remove Vestigial VRRP hooks. The implementation changed
+ and these are no longer needed.
+ * 0.13.80
+
+ -- John Southworth <john.southworth@vyatta.com> Thu, 09 Aug 2012 16:53:27 -0700
+
+vyatta-cfg-firewall (0.13.80) unstable; urgency=low
+
+ * Bugfix 8271: Remove Vestigial VRRP hooks. The implementation changed
+ and these are no longer needed.
+
+ -- John Southworth <john.southworth@vyatta.com> Thu, 09 Aug 2012 16:53:20 -0700
+
+vyatta-cfg-firewall (0.13.79) unstable; urgency=low
+
+ * Bugfix 8217: VTI: add firewall cfg commands under interfaces vti
+ * 0.13.78
+
+ -- Saurabh Mohan <saurabh@vyatta.com> Thu, 09 Aug 2012 14:01:58 -0700
+
+vyatta-cfg-firewall (0.13.78) unstable; urgency=low
+
+ * Bugfix 8217: VTI: add firewall cfg commands under interfaces vti
+
+ -- Saurabh Mohan <saurabh@vyatta.com> Thu, 09 Aug 2012 13:29:07 -0700
+
 vyatta-cfg-firewall (0.13.77) unstable; urgency=low
 
 * fixing 8173: moving CT_HELPER chain just before CTTIMEOUT
diff --git a/debian/vyatta-cfg-firewall.install b/debian/vyatta-cfg-firewall.install
index 633b9e0..57693ee 100644
--- a/debian/vyatta-cfg-firewall.install
+++ b/debian/vyatta-cfg-firewall.install
@@ -10,5 +10,6 @@ opt/vyatta/share/vyatta-cfg/templates/interfaces/input
 opt/vyatta/share/vyatta-cfg/templates/interfaces/openvpn
 opt/vyatta/share/vyatta-cfg/templates/interfaces/pseudo-ethernet
 opt/vyatta/share/vyatta-cfg/templates/interfaces/tunnel
+opt/vyatta/share/vyatta-cfg/templates/interfaces/vti
 opt/vyatta/share/vyatta-cfg/templates/interfaces/wireless
 opt/vyatta/share/vyatta-cfg/templates/interfaces/wirelessmodem
diff --git a/gen-interface-templates.pl b/gen-interface-templates.pl
index 3f7a232..9a9dc41 100755
--- a/gen-interface-templates.pl
+++ b/gen-interface-templates.pl
@@ -55,6 +55,7 @@ my %interface_hash = ( 'input/node.tag' => '$VAR(../../../@)', 'tunnel/node.tag' => '$VAR(../../../@)', + 'vti/node.tag' => '$VAR(../../../@)', 'bridge/node.tag' => '$VAR(../../../@)', 'openvpn/node.tag' => '$VAR(../../../@)', @@ -70,6 +71,12 @@ my %interface_hash = ( 'wirelessmodem/node.tag' => '$VAR(../../../@)', ); +# Hash table to check if the priority needs to set @ root +# of the node.def which is generated. +my %interface_prio = ( + 'vti/node.tag' => '901', +); + # The subdirectory where the generated templates will go my $template_subdir = "generated-templates/interfaces"; @@ -102,6 +109,9 @@ sub gen_firewall_template { open my $tp, '>', "$path/$node_file" or die "Can't create $path/$node_file: $!"; + if (exists $interface_prio{ $if_tree }) { + print $tp "priority: $interface_prio{ $if_tree }\n"; + } print $tp "help: Firewall options\n"; close $tp or die "Can't write $path/$node_file: $!"; diff --git a/scripts/firewall/firewall.init.in b/scripts/firewall/firewall.init.in index a7fb685..d38d052 100644 --- a/scripts/firewall/firewall.init.in +++ b/scripts/firewall/firewall.init.in @@ -68,18 +68,6 @@ start () { iptables -t raw -I VYATTA_CT_HELPER -p tcp --dport 1525 -j CT --helper tns iptables -t raw -A VYATTA_CT_HELPER -j RETURN - # setup vrrp backup transition chain - # we need to filter traffic to the vrrp mac addresses - # on the vrrp backup router before we do anything else. - iptables -t raw -N VYATTA_VRRP_FILTER - iptables -t raw -A VYATTA_VRRP_FILTER -j RETURN - iptables -t raw -A PREROUTING -j VYATTA_VRRP_FILTER - - iptables -t raw -N VYATTA_VRRP_OUTPUT_FILTER - iptables -t raw -A VYATTA_VRRP_OUTPUT_FILTER -j RETURN - iptables -t raw -I OUTPUT -j VYATTA_VRRP_OUTPUT_FILTER - - # set up notrack chains/rules for IPv4 # by default, nothing is tracked. iptables -t raw -N VYATTA_CT_PREROUTING_HOOK |
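Review bot: The `'901'` added to `%interface_prio` in the second hunk of gen-interface-templates.pl is a bare magic number, and the comment above it does not say what the priority has to be ordered against. The third hunk writes this value as the `priority:` line of the generated firewall node.def for `vti/node.tag`, so it presumably controls when the firewall binding on a VTI interface is committed relative to the interface itself (to be confirmed); a wrong or later-changed value could then apply the binding out of order. I would reword the comment along the lines of `# Commit priority written at the top of the generated node.def; vti uses 901 because <reason - confirm against the vti interface template>`. The consumer, gen_firewall_template, extends beyond the third hunk on both sides, so only the added `if (exists $interface_prio{ $if_tree })` branch was checked.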