diff options
author | John Southworth <john.southworth@vyatta.com> | 2012-11-15 20:33:25 -0800 |
---|---|---|
committer | John Southworth <john.southworth@vyatta.com> | 2012-11-15 20:46:48 -0800 |
commit | 6450bc1a5650f1482b1bffe5eae2317f8ad07b7e (patch) | |
tree | 83a570ee54b38dfeddb333581b53cabed22c3cfa | |
parent | 35606660eec827da997d6a97a6c42e5c0a7b3828 (diff) | |
download | vyatta-cfg-firewall-6450bc1a5650f1482b1bffe5eae2317f8ad07b7e.tar.gz vyatta-cfg-firewall-6450bc1a5650f1482b1bffe5eae2317f8ad07b7e.zip |
Bugfix 7613: cleanup firewall groups correctly
-rwxr-xr-x | scripts/firewall/vyatta-ipset.pl | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/scripts/firewall/vyatta-ipset.pl b/scripts/firewall/vyatta-ipset.pl index ef964f3..0070fb4 100755 --- a/scripts/firewall/vyatta-ipset.pl +++ b/scripts/firewall/vyatta-ipset.pl @@ -36,6 +36,16 @@ use Sort::Versions; use warnings; use strict; +sub get_sys_sets { + my @sets = (); + my @lines = `ipset -L`; + foreach my $line (@lines) { + if ($line =~ /^Name:\s+(\w+)$/) { + push @sets, $1; + } + } + return @sets; +} sub ipset_create { my ($set_name, $set_type) = @_; @@ -291,6 +301,19 @@ sub prune_deleted_sets { return $rc if (($rc = ipset_delete($g))); } } + # fixup system sets + my @sys_sets = get_sys_sets(); + foreach my $set (@sys_sets) { + my $group = new Vyatta::IpTables::IpSet($set); + # only try groups with no references + if ($group->exists() && ($group->references() == 0)) { + my $type = $group->get_type(); + $cfg->setLevel("firewall group $type-group"); + next if ($cfg->isEffective($set)); # don't prune if still in config + my $rc; + return $rc if (($rc = ipset_delete($set))); + } + } exit 0; } |