authorStig <sthormod@gmail.com>2011-08-29 14:40:40 -0700
committerMohit Mehta <mohit@vyatta.com>2011-08-29 14:40:40 -0700
commit77e338a9b5e668fb1104e2fb939a90b4d73f7ab0 (patch)
tree4dec9d67c5a67eb94562e0bc5a0ed258f7626b26
parentb1ac4c0f80e6304fefed1c3826bb3ad5b757cd59 (diff)
Fix Bug 7477 firewall group negation doesn't work in vc6.3
* use Ipset.pm method rather than CLI path to validate group name when using group as a match condition in a firewall ruleset
-rwxr-xr-xscripts/firewall/vyatta-ipset.pl10
1 files changed, 7 insertions, 3 deletions
diff --git a/scripts/firewall/vyatta-ipset.pl b/scripts/firewall/vyatta-ipset.pl
index 5dfe3a9..90abc34 100755
--- a/scripts/firewall/vyatta-ipset.pl
+++ b/scripts/firewall/vyatta-ipset.pl
@@ -83,9 +83,13 @@ sub ipset_check_set_type {
die "Error: undefined set_name\n" if ! defined $set_name;
die "Error: undefined set_type\n" if ! defined $set_type;
- my $cfg = new Vyatta::Config;
- return "Group [$set_name] has not been defined\n"
- if (!$cfg->exists("firewall group $set_type-group $set_name"));
+ my $group = new Vyatta::IpTables::IpSet($set_name);
+ return "Group [$set_name] has not been defined\n" if ! $group->exists();
+ my $type = $group->get_type();
+ $type = 'undefined' if ! defined $type;
+ if ($type ne $set_type) {
+ return "Error: group [$set_name] is of type [$type] not [$set_type]\n";
+ }
return;
}
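Review bot: `$set_name` is handed to `Vyatta::IpTables::IpSet` on the added `my $group = new ...` line after only a `defined` check, so its characters are never constrained before `exists()` and `get_type()` run. IpSet.pm is not shown here; if those methods build an ipset command line from the name, a guard should come before the object is constructed, for example `return "Error: invalid group name [$set_name]\n" if $set_name !~ /\A[\w.-]+\z/;`, with the pattern adjusted to the project's group-name rules. The check also now reads the live ipset state instead of the configuration tree, so it is worth confirming that a group created in the same commit already exists when this validation runs. As a style point, `Vyatta::IpTables::IpSet->new($set_name)` avoids the indirect object syntax. The body of `ipset_check_set_type` starts outside this hunk, so earlier validation of `$set_name` may exist that is not visible here.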