author | Gaurav Sinha <gaurav.sinha@vyatta.com> | 2012-11-20 10:26:46 -0800 |
---|---|---|
committer | Gaurav Sinha <gaurav.sinha@vyatta.com> | 2012-11-20 10:26:46 -0800 |
commit | 1ea6a1694f12b234f4fa02f0e278e81ac0e64ac6 (patch) | |
tree | 982ddf3238f8a050f2949f6d188457910cd37d8c | |
parent | 207ee5b937bcb4cb5bcb4c6829bfad5d1d14fe77 (diff) | |
parent | 9bdf8747b55b934e22133a10c3fddf1bc0a5ad1a (diff) | |
Merge branch 'pacifica' of git.vyatta.com:/git/vyatta-cfg-firewall into pacifica
-rw-r--r-- | debian/changelog | 6 | ||||
-rwxr-xr-x | scripts/firewall/vyatta-ipset.pl | 24 |
2 files changed, 30 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog
index 4ce3a26..00125d2 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+vyatta-cfg-firewall (0.13.90+pacifica5) unstable; urgency=low
+
+ * Bugfix 7613: cleanup firewall groups correctly
+
+ -- John Southworth <john.southworth@vyatta.com> Mon, 19 Nov 2012 13:14:59 -0800
+
 vyatta-cfg-firewall (0.13.90+pacifica4) unstable; urgency=low
 [ root ]
diff --git a/scripts/firewall/vyatta-ipset.pl b/scripts/firewall/vyatta-ipset.pl
index ddac0b9..0627381 100755
--- a/scripts/firewall/vyatta-ipset.pl
+++ b/scripts/firewall/vyatta-ipset.pl
@@ -37,6 +37,16 @@ use IO::Prompt;
 use warnings;
 use strict;
+sub get_sys_sets {
+ my @sets = ();
+ my @lines = `ipset -L`;
+ foreach my $line (@lines) {
+ if ($line =~ /^Name:\s+(\w+)$/) {
+ push @sets, $1;
+ }
+ }
+ return @sets;
+}
 sub warn_before_reset {
 if (prompt("This can be temporarily disruptive: Proceed with reset? (Yes/No) [No] ", -ynd=>"n")) {
@@ -310,6 +320,20 @@ sub prune_deleted_sets {
 return $rc if (($rc = ipset_delete($g)));
 }
 }
+
+ # fixup system sets
+ my @sys_sets = get_sys_sets();
+ foreach my $set (@sys_sets) {
+ my $group = new Vyatta::IpTables::IpSet($set);
+ # only try groups with no references
+ if ($group->exists() && ($group->references() == 0)) {
+ my $type = $group->get_type();
+ $cfg->setLevel("firewall group $type-group");
+ next if ($cfg->isEffective($set)); # don't prune if still in config
+ my $rc;
+ return $rc if (($rc = ipset_delete($set)));
+ }
+ }
 exit 0;
 } |
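Review bot: In get_sys_sets the output of the `ipset -L` backticks is used without checking `$?`, so a failed or missing ipset run yields an empty list and the caller silently skips the cleanup; check the exit status after the call and warn or return an error. The pattern `/^Name:\s+(\w+)$/` accepts only word characters, so a set whose name contains something like `-` would be left out of the list; if group names can contain such characters, `if ($line =~ /^Name:\s+(\S+)$/) {` is the safer capture. Because this script changes firewall state, presumably with elevated privileges, invoking ipset by absolute path rather than through PATH would make the call less dependent on the caller's environment.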
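Review bot: The fixup loop walks every set that `ipset -L` reports and deletes any with zero references that is absent from `firewall group`, which would also remove sets created outside this script (by another feature or by hand) that are simply unreferenced at the moment; nothing in the hunk limits it to sets this package created. The value of `$group->get_type()` is used unchecked, so if it can be undef or a type with no matching `<type>-group` node, `isEffective` reports false and the set is deleted; I would add `next unless defined $type;` before `setLevel`, ideally with an allow-list of the types the firewall manages. Minor style: prefer `Vyatta::IpTables::IpSet->new($set)` over the indirect-object `new Vyatta::IpTables::IpSet($set)`. prune_deleted_sets begins above the hunk, so how `$cfg` is set up is not visible here.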