author | Mohit Mehta <mohit.mehta@vyatta.com> | 2009-05-08 17:14:04 -0700 |
---|---|---|
committer | Mohit Mehta <mohit.mehta@vyatta.com> | 2009-05-08 17:14:04 -0700 |
commit | c690c60ff29d8ee2f3f62bc38d99c05f3300002f (patch) | |
tree | 4ccb5329687765e8c8a035fed7407bea76fe379c | |
parent | 2cc639cacae969af4f36a7b587f86ac479ebe729 (diff) | |
Fix Bug 4388 firewall name shouldn't have been set after commit failed
* undo chain setup and refcnt work if chain rule failed during chain creation
-rwxr-xr-x | scripts/firewall/vyatta-firewall.pl | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/scripts/firewall/vyatta-firewall.pl b/scripts/firewall/vyatta-firewall.pl
index 888563e..84319fa 100755
--- a/scripts/firewall/vyatta-firewall.pl
+++ b/scripts/firewall/vyatta-firewall.pl
@@ -406,6 +406,11 @@ sub update_rules {
 my ($err_str, @rule_strs) = $node->rule();
 if (defined($err_str)) {
+ if ($nodes{$name} eq 'added') {
+ # undo setup_chain work, remove_refcnt
+ delete_chain($table, "$name", $iptables_cmd);
+ remove_refcnt($fw_tree_file, "$tree.$name");
+ }
 print STDERR "Firewall config error: $err_str\n";
 exit 1;
 }
@@ -416,7 +421,14 @@ sub update_rules {
 run_cmd("$iptables_cmd -t $table --insert $name $iptablesrule $_", 0, 0);
- die "$iptables_cmd error: $! - $_" if ($? >> 8);
+ if ($? >> 8) {
+ if ($nodes{$name} eq 'added') {
+ # undo setup_chain work, remove_refcnt
+ delete_chain($table, "$name", $iptables_cmd);
+ remove_refcnt($fw_tree_file, "$tree.$name");
+ }
+ die "$iptables_cmd error: $! - $_";
+ }
 $iptablesrule++;
 }
 } elsif ("$rulehash{$rule}" eq 'changed') { |
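Review bot: The rollback added inside `if (defined($err_str))` discards whatever `delete_chain` and `remove_refcnt` report, so if the chain delete fails the reference-count entry is presumably removed anyway and the tree file no longer matches the live ruleset. The same five-line block is repeated verbatim in the second hunk, after `run_cmd`; one small private sub called from both error paths would keep them from drifting apart. The rollback only covers chains marked `'added'`, so rules already inserted into a pre-existing chain before the failure appear to stay in place. If that is intended, a comment such as `# existing chains are left as-is on failure; only a newly created chain is rolled back` would make the partial-apply behaviour explicit. update_rules starts and ends outside the hunk.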
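Review bot: The `die "$iptables_cmd error: $! - $_";` in the new `if ($? >> 8)` block now runs after `delete_chain` and `remove_refcnt`, which presumably run commands or touch files and can overwrite `$!` (and `$_`, if they iterate without localising it). The message may therefore describe the cleanup rather than the failed insert, which makes a rejected firewall rule harder to diagnose from the logs. Capture the text before the `'added'` check with `my $msg = "$iptables_cmd error: $! - $_";` and finish with `die $msg;`. Since the condition tests the child's exit status, including `$? >> 8` in the message would be more informative than `$!` alone. The enclosing block and update_rules continue outside the hunk.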