authorStig Thormodsrud <stig@vyatta.com>2009-07-10 16:50:03 -0700
committerStig Thormodsrud <stig@vyatta.com>2009-07-31 16:56:49 -0700
commit8519768fc563db29e29d9e81ca3198b7e003bc61 (patch)
tree16341106a8b8dba37e0b76f4b47b828ec4019bf1
parent75f12b85f8ba35e54bcd457d11e90c8b2ba89fa9 (diff)
downloadvyatta-cfg-firewall-8519768fc563db29e29d9e81ca3198b7e003bc61.tar.gz
vyatta-cfg-firewall-8519768fc563db29e29d9e81ca3198b7e003bc61.zip
Fix 4683: Firewall Rule number maximum 1024 reached
(cherry picked from commit 90fb731c3a846e9a951c6fd1c5f73082e2bcf93a)
-rw-r--r--lib/Vyatta/IpTables/Rule.pm2
-rwxr-xr-xscripts/firewall/vyatta-firewall.pl6
-rw-r--r--templates/firewall/ipv6-modify/node.tag/rule/node.def4
-rw-r--r--templates/firewall/ipv6-name/node.tag/rule/node.def4
-rw-r--r--templates/firewall/modify/node.tag/rule/node.def4
-rw-r--r--templates/firewall/name/node.tag/rule/node.def4
6 files changed, 13 insertions, 11 deletions
diff --git a/lib/Vyatta/IpTables/Rule.pm b/lib/Vyatta/IpTables/Rule.pm
index 49f28e8..1c00339 100644
--- a/lib/Vyatta/IpTables/Rule.pm
+++ b/lib/Vyatta/IpTables/Rule.pm
@@ -60,7 +60,7 @@ my %fields = (
);
my %dummy_rule = (
- _rule_number => 1025,
+ _rule_number => 10000,
_protocol => "all",
_state => {
_established => undef,
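Review bot: The new `_rule_number => 10000` is a bare magic number that has to agree with `my $max_rule = 10000` introduced in scripts/firewall/vyatta-firewall.pl and stay strictly above the 9999 upper bound the four rule node.def templates now accept, yet nothing on this line records that coupling. Presumably this dummy rule plays the same reserved "one past the user range" role as `$max_rule`; a comment such as `_rule_number => 10000,  # reserved; must exceed the 9999 template limit and match $max_rule in vyatta-firewall.pl` would keep the next bump from being made in only one of the two files. The `%dummy_rule` hash continues past the end of the hunk.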
diff --git a/scripts/firewall/vyatta-firewall.pl b/scripts/firewall/vyatta-firewall.pl
index 209791d..a14ef19 100755
--- a/scripts/firewall/vyatta-firewall.pl
+++ b/scripts/firewall/vyatta-firewall.pl
@@ -24,6 +24,8 @@ my $syslog_flag = 0;
my $fw_stateful_file = '/var/run/vyatta_fw_stateful';
my $fw_tree_file = '/var/run/vyatta_fw_trees';
+my $max_rule = 10000;
+
my (@setup, @updateints, @updaterules);
my ($teardown, $teardown_ok);
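Review bot: `$max_rule` is a misleading name for what the value is used for later in this commit, since 10000 is not a rule number a user can configure (the templates cap input at 9999) but the reserved number stamped on the chain's default-action rule. Either rename it to say so or document it on the declaration: `my $max_rule = 10000;  # reserved number for the default-action rule; one past the 9999 template maximum, mirrors _rule_number in Vyatta::IpTables::Rule`. Because it is a file-scoped lexical rather than a shared constant, any future change to the limit must be repeated in Rule.pm and in the four node.def templates by hand.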
@@ -705,7 +707,7 @@ sub set_default_policy {
$policy = 'drop' if ! defined $policy;
log_msg("set_default_policy($iptables_cmd, $table, $chain, $policy)\n");
my $target = $policy_hash{$policy};
- my $comment = "-m comment --comment \"$chain-1025 default-action $policy\"";
+ my $comment = "-m comment --comment \"$chain-$max_rule default-action $policy\"";
run_cmd("$iptables_cmd -t $table -A $chain $comment -j $target", 1, 1);
}
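Review bot: `set_default_policy` and `change_default_policy` (next hunk) now each build the identical marker string `"-m comment --comment \"$chain-$max_rule default-action $policy\""`; with the number no longer a literal, this is a natural moment to extract `sub default_policy_comment { my ($chain, $policy) = @_; return "-m comment --comment \"$chain-$max_rule default-action $policy\""; }` and call it from both, so the two cannot drift apart. Note that rules installed by earlier releases still carry the old `-1025` marker text; from the visible code the default rule is located by index via `count_iptables_rules`, not by matching this comment, so this looks harmless, but worth confirming nothing else parses the comment. Both enclosing subs start before their hunks.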
@@ -726,7 +728,7 @@ sub change_default_policy {
$policy = 'drop' if ! defined $policy;
log_msg("change_default_policy($iptables_cmd, $table, $chain, $policy)\n");
my $target = $policy_hash{$policy};
- my $comment = "-m comment --comment \"$chain-1025 default-action $policy\"";
+ my $comment = "-m comment --comment \"$chain-$max_rule default-action $policy\"";
my $default_rule = count_iptables_rules($table, $chain, $iptables_cmd);
run_cmd("$iptables_cmd -t $table -A $chain $comment -j $target", 1, 1);
run_cmd("$iptables_cmd -t $table -D $chain $default_rule", 1, 1);
diff --git a/templates/firewall/ipv6-modify/node.tag/rule/node.def b/templates/firewall/ipv6-modify/node.tag/rule/node.def
index 674abd2..33fa91b 100644
--- a/templates/firewall/ipv6-modify/node.tag/rule/node.def
+++ b/templates/firewall/ipv6-modify/node.tag/rule/node.def
@@ -2,6 +2,6 @@ tag:
type: u32
-help: Set IPv6 modify rule number (1-1024)
+help: Set IPv6 modify rule number (1-9999)
-syntax:expression: $VAR(@) > 0 && $VAR(@) < 1025; "firewall rule number must be between 1 and 1024"
+syntax:expression: $VAR(@) > 0 && $VAR(@) <= 9999; "firewall rule number must be between 1 and 9999"
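Review bot: The new bound `$VAR(@) <= 9999` is repeated verbatim in this template and the three that follow (ipv6-name, modify, name), and it is silently coupled to the reserved value 10000 in lib/Vyatta/IpTables/Rule.pm and scripts/firewall/vyatta-firewall.pl: the validation must stay strictly below that number or a user could configure a rule that collides with the default-action rule's marker. For readability the expression could mirror the error text directly, `$VAR(@) >= 1 && $VAR(@) <= 9999`, instead of mixing `> 0` with `<= 9999`. There is no single place that states the relationship between 9999 and 10000, so a future raise of the limit needs all six files touched together.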
diff --git a/templates/firewall/ipv6-name/node.tag/rule/node.def b/templates/firewall/ipv6-name/node.tag/rule/node.def
index c3c7b43..08a7488 100644
--- a/templates/firewall/ipv6-name/node.tag/rule/node.def
+++ b/templates/firewall/ipv6-name/node.tag/rule/node.def
@@ -2,6 +2,6 @@ tag:
type: u32
-help: Set firewall rule number (1-1024)
+help: Set firewall rule number (1-9999)
-syntax:expression: $VAR(@) > 0 && $VAR(@) < 1025; "firewall rule number must be between 1 and 1024"
+syntax:expression: $VAR(@) > 0 && $VAR(@) <= 9999; "firewall rule number must be between 1 and 9999"
diff --git a/templates/firewall/modify/node.tag/rule/node.def b/templates/firewall/modify/node.tag/rule/node.def
index 19c467b..b7366f9 100644
--- a/templates/firewall/modify/node.tag/rule/node.def
+++ b/templates/firewall/modify/node.tag/rule/node.def
@@ -2,6 +2,6 @@ tag:
type: u32
-help: Set modify rule number (1-1024)
+help: Set modify rule number (1-9999)
-syntax:expression: $VAR(@) > 0 && $VAR(@) < 1025; "modify rule number must be between 1 and 1024"
+syntax:expression: $VAR(@) > 0 && $VAR(@) <= 9999; "modify rule number must be between 1 and 9999"
diff --git a/templates/firewall/name/node.tag/rule/node.def b/templates/firewall/name/node.tag/rule/node.def
index c3c7b43..08a7488 100644
--- a/templates/firewall/name/node.tag/rule/node.def
+++ b/templates/firewall/name/node.tag/rule/node.def
@@ -2,6 +2,6 @@ tag:
type: u32
-help: Set firewall rule number (1-1024)
+help: Set firewall rule number (1-9999)
-syntax:expression: $VAR(@) > 0 && $VAR(@) < 1025; "firewall rule number must be between 1 and 1024"
+syntax:expression: $VAR(@) > 0 && $VAR(@) <= 9999; "firewall rule number must be between 1 and 9999"