authorGaurav Sinha <gaurav.sinha@vyatta.com>2012-11-19 10:24:25 -0800
committerGaurav Sinha <gaurav.sinha@vyatta.com>2012-11-19 10:24:25 -0800
commit2c2cd1aef9eada852084ecebb3c76e468cc56a2a (patch)
tree6f9ba949205382d869a9220d7e511e6343f78444
parent977f7ad60c252ed3c23176d5e764cd9231784fc7 (diff)
added reset all groups functions
(cherry picked from commit b090e8cf73480ba6bbf967bf1fbd8f59e1a8843d) Conflicts: scripts/firewall/vyatta-ipset.pl
-rwxr-xr-xlib/Vyatta/IpTables/IpSet.pm23
-rwxr-xr-xscripts/firewall/vyatta-ipset.pl1
2 files changed, 18 insertions, 6 deletions
diff --git a/lib/Vyatta/IpTables/IpSet.pm b/lib/Vyatta/IpTables/IpSet.pm
index 089a3b8..5c4b6ce 100755
--- a/lib/Vyatta/IpTables/IpSet.pm
+++ b/lib/Vyatta/IpTables/IpSet.pm
@@ -214,13 +214,11 @@ sub flush {
sub rebuild_ipset() {
my ($self) = @_;
- print "rebuilding ipset\n";
my $name = $self->{_name};
my $type = $self->{_type};
my $config = new Vyatta::Config;
my @members = $config->returnOrigValues("firewall group $type-group $name $type");
- print "firewall group $type-group $name @members\n";
# go through the firewall group config with this name,
my $member;
foreach $member (@members) {
@@ -231,7 +229,6 @@ sub rebuild_ipset() {
sub reset_ipset_named {
my ($self) = @_;
my $name = $self->{_name};
- print "reset ipset group $name\n";
# flush the ipset group first, then re-build the group from configuration
$self->flush();
@@ -239,14 +236,30 @@ sub reset_ipset_named {
}
sub reset_ipset_all {
- print "reset all ipset rules\n";
+ my $config = new Vyatta::Config;
+ my @pgroups = $config->listOrigNodes("firewall group port-group");
+ my @adgroups = $config->listOrigNodes("firewall group address-group");
+ my @nwgroups = $config->listOrigNodes("firewall group network-group");
+ my $group;
+
+ foreach $group (@pgroups) {
+ my $grp = new Vyatta::IpTables::IpSet($group, "port");
+ $grp->reset_ipset_named();
+ }
+ foreach $group (@adgroups) {
+ my $grp = new Vyatta::IpTables::IpSet($group, "address");
+ $grp->reset_ipset_named();
+ }
+ foreach $group (@nwgroups) {
+ my $grp = new Vyatta::IpTables::IpSet($group, "network");
+ $grp->reset_ipset_named();
+ }
}
sub reset_ipset {
# main function to do the reset operation
my ($self) = @_;
my $name = $self->{_name};
- print "type reset_ipset: $self->{_type}\n";
my $lockcmd = "touch $lockfile";
my $unlockcmd = "rm -f $lockfile";
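Review bot: The new reset_ipset_all discards the result of every `$grp->reset_ipset_named()` call and returns nothing itself, so the caller cannot tell when a group's rebuild failed. Because reset_ipset_named flushes the set before rebuilding it, such a group is left empty, and firewall rules that match on it silently change what they filter. The per-group results should be collected and returned. The three loops differ only in the type string, so a single loop over `qw(port address network)` gives one place to do that check. Whether this path runs under the `$lockfile` that reset_ipset takes is not visible in the hunk, and reset_ipset's body continues past its end.

```perl
sub reset_ipset_all {
    my $config = new Vyatta::Config;
    my @errors;

    foreach my $type (qw(port address network)) {
        foreach my $group ($config->listOrigNodes("firewall group $type-group")) {
            my $grp = new Vyatta::IpTables::IpSet($group, $type);
            # assumes reset_ipset_named returns undef on success and an
            # error string on failure; confirm against its body
            my $rc = $grp->reset_ipset_named();
            push @errors, "$type-group $group: $rc" if defined $rc;
        }
    }
    return join("\n", @errors) if @errors;
    return;
}
```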
diff --git a/scripts/firewall/vyatta-ipset.pl b/scripts/firewall/vyatta-ipset.pl
index 986ad13..99ae085 100755
--- a/scripts/firewall/vyatta-ipset.pl
+++ b/scripts/firewall/vyatta-ipset.pl
@@ -317,7 +317,6 @@ GetOptions("action=s" => \$action,
die "undefined action" if ! defined $action;
my $rc;
-print "type is $set_type\n";
$rc = ipset_reset($set_name, $set_type) if $action eq 'reset-set';
$rc = ipset_create($set_name, $set_type) if $action eq 'create-set';