authorroot <root@eng-dhcp-191.vyatta.com>2012-11-16 11:25:05 -0800
committerGaurav Sinha <gaurav.sinha@vyatta.com>2012-11-19 10:15:35 -0800
commit2029744d3b7cc83b7568e3fa474c8d079efece38 (patch)
tree826ad45f048ed71b95cf5296759399c3f7efd520
parent6ad40d3fdf2e6c6552acc9c529ee894c64fc12a4 (diff)
initial script for reset firewall group command
(cherry picked from commit c10ab7f443c581ffd31779f6e32b0d28f5c8366f)
-rwxr-xr-xlib/Vyatta/IpTables/IpSet.pm16
-rwxr-xr-xscripts/firewall/vyatta-ipset.pl30
2 files changed, 24 insertions, 22 deletions
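diff --git a/lib/Vyatta/IpTables/IpSet.pm b/lib/Vyatta/IpTables/IpSet.pm
index 583085e..aa06540 100755
--- a/lib/Vyatta/IpTables/IpSet.pm
+++ b/lib/Vyatta/IpTables/IpSet.pm
@@ -211,6 +211,22 @@ sub flush {
 return;
 }
+sub reset_ipset {
+ # main function to do the reset operation
+
+ my ($self) = @_;
+ my $name = $self->{_name};
+ print " ipset type $self->{__type}\n";
+ # reset one rule or all?
+ if ($name eq 'all') {
+ print "reset all ipset rules\n";
+ #reset_ipset_all();
+ } else {
+ print "reset ipset rule $name\n";
+ #reset_ipset_named();
+ }
+}
+
 sub delete {
 my ($self) = @_;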
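Review bot: `reset_ipset` reads `$self->{__type}` (two underscores) on the debug print line while the line above reads `$self->{_name}` (one underscore); if the constructor stores the type under `_type`, as the `_name` key suggests, that print interpolates undef and warns under `use warnings`, so the key should be checked against the constructor (outside this hunk) and, if so, the line changed to `print " ipset type $self->{_type}\n";`. The sub also has no explicit return, so its value is whatever the last `print` returned, and vyatta-ipset.pl in this same commit propagates that as `$rc` via `return $group->reset_ipset();`; end it with an explicit status, either the bare `return;` that `flush` uses two lines above or a documented 0/non-zero code, whichever the caller's exit handling expects. Both branches only print and call nothing (`#reset_ipset_all();`, `#reset_ipset_named();`), so a header comment such as `# TODO: stub - only reports the intended action; reset_ipset_all/reset_ipset_named are not implemented yet` would tell the next reader that the `reset-set` action is not functional.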
diff --git a/scripts/firewall/vyatta-ipset.pl b/scripts/firewall/vyatta-ipset.pl
index 0070fb4..99ae085 100755
--- a/scripts/firewall/vyatta-ipset.pl
+++ b/scripts/firewall/vyatta-ipset.pl
@@ -36,15 +36,12 @@ use Sort::Versions;
use warnings;
use strict;
-sub get_sys_sets {
- my @sets = ();
- my @lines = `ipset -L`;
- foreach my $line (@lines) {
- if ($line =~ /^Name:\s+(\w+)$/) {
- push @sets, $1;
- }
- }
- return @sets;
+sub ipset_reset {
+ my ($set_name, $set_type) = @_;
+
+ my $group = new Vyatta::IpTables::IpSet($set_name, $set_type);
+
+ return $group->reset_ipset();
}
sub ipset_create {
@@ -301,19 +298,6 @@ sub prune_deleted_sets {
return $rc if (($rc = ipset_delete($g)));
}
}
- # fixup system sets
- my @sys_sets = get_sys_sets();
- foreach my $set (@sys_sets) {
- my $group = new Vyatta::IpTables::IpSet($set);
- # only try groups with no references
- if ($group->exists() && ($group->references() == 0)) {
- my $type = $group->get_type();
- $cfg->setLevel("firewall group $type-group");
- next if ($cfg->isEffective($set)); # don't prune if still in config
- my $rc;
- return $rc if (($rc = ipset_delete($set)));
- }
- }
exit 0;
}
@@ -333,6 +317,8 @@ GetOptions("action=s" => \$action,
die "undefined action" if ! defined $action;
my $rc;
+$rc = ipset_reset($set_name, $set_type) if $action eq 'reset-set';
+
$rc = ipset_create($set_name, $set_type) if $action eq 'create-set';
$rc = ipset_delete($set_name) if $action eq 'delete-set';