author | John Southworth <john.southworth@vyatta.com> | 2012-11-15 20:33:25 -0800 |
---|---|---|
committer | John Southworth <john.southworth@vyatta.com> | 2012-11-15 20:33:25 -0800 |
commit | a561eb5b1114ae1f4f94cf5d10b692b8d3fd443e (patch) | |
tree | ec0d039b440c509007adf84a2f6483efdad75cf7 | |
parent | 8b2d853f81d4c0984e7daca6c7d492f5b75013d6 (diff) | |
download | vyatta-cfg-firewall-a561eb5b1114ae1f4f94cf5d10b692b8d3fd443e.tar.gz vyatta-cfg-firewall-a561eb5b1114ae1f4f94cf5d10b692b8d3fd443e.zip |
Bugfix 7613: cleanup firewall groups correctly
-rwxr-xr-x | scripts/firewall/vyatta-ipset.pl | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/scripts/firewall/vyatta-ipset.pl b/scripts/firewall/vyatta-ipset.pl
index ef964f3..0070fb4 100755
--- a/scripts/firewall/vyatta-ipset.pl
+++ b/scripts/firewall/vyatta-ipset.pl
@@ -36,6 +36,16 @@ use Sort::Versions;
 use warnings;
 use strict;
+sub get_sys_sets {
+ my @sets = ();
+ my @lines = `ipset -L`;
+ foreach my $line (@lines) {
+ if ($line =~ /^Name:\s+(\w+)$/) {
+ push @sets, $1;
+ }
+ }
+ return @sets;
+}
 sub ipset_create {
 my ($set_name, $set_type) = @_;
@@ -291,6 +301,19 @@ sub prune_deleted_sets {
 return $rc if (($rc = ipset_delete($g)));
 }
 }
+ # fixup system sets
+ my @sys_sets = get_sys_sets();
+ foreach my $set (@sys_sets) {
+ my $group = new Vyatta::IpTables::IpSet($set);
+ # only try groups with no references
+ if ($group->exists() && ($group->references() == 0)) {
+ my $type = $group->get_type();
+ $cfg->setLevel("firewall group $type-group");
+ next if ($cfg->isEffective($set)); # don't prune if still in config
+ my $rc;
+ return $rc if (($rc = ipset_delete($set)));
+ }
+ }
 exit 0;
 }
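Review bot: The exit status of the backticked `ipset -L` in get_sys_sets is never checked, so if ipset is missing or the script lacks privilege the sub silently returns an empty list and the caller concludes there is nothing to prune; add `die "ipset -L failed: $?" if $?;` (or a warn plus return) right after the backtick line so the failure is visible. The capture `(\w+)` also drops any set whose name contains characters outside `\w`, e.g. a hyphen, so such sets would never be cleaned up; if group names may contain those, `(\S+)` is the safer capture. Note that `ipset -L` without a name-only flag dumps every member of every set, which can be slow on large groups; if the ipset build in use supports it, a names-only listing would avoid parsing all that output.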
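Review bot: The new loop in prune_deleted_sets walks every ipset present on the host, not only those this script created, so a set created by other software or by hand with zero references is a candidate for destruction; for such a set `get_type()` presumably returns undef or a type with no `firewall group ...-group` node, `isEffective` is false, and `ipset_delete($set)` removes it. Guard the type before consulting config, e.g. `next unless defined $type;` followed by a check that `$type` is one of the group types this script manages, so only Vyatta-owned sets are pruned. Separately, `new Vyatta::IpTables::IpSet($set)` is indirect-object syntax; `Vyatta::IpTables::IpSet->new($set)` avoids the parsing ambiguity. prune_deleted_sets and the `$cfg` object it uses begin outside this hunk.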