authorMohit Mehta <mohit@vyatta.com>2011-04-18 18:14:33 -0700
committerMohit Mehta <mohit@vyatta.com>2011-04-18 18:14:33 -0700
commitd2a481a204e619b8a47ceed11a87173cc4de892c (patch)
tree7e60f2bf8473753ab5782867901161c70a46b920
parent874aa1c84d04908f6d8c5d58dde9e9071938ce7e (diff)
downloadvyatta-cfg-firewall-d2a481a204e619b8a47ceed11a87173cc4de892c.tar.gz
vyatta-cfg-firewall-d2a481a204e619b8a47ceed11a87173cc4de892c.zip
* Fix Bug 6915 conntrack-hash-size reverts to default after upgrade
Add the script conntrack-hash-size to check-params-on-reboot.d so that the 'firewall conntrack-hash-size' value is no longer out of sync with the underlying value when a newly installed image boots for the first time.
-rw-r--r--Makefile.am4
-rw-r--r--debian/vyatta-cfg-firewall.install1
-rwxr-xr-xscripts/check-params-on-reboot.d/conntrack-hash-size20
3 files changed, 25 insertions, 0 deletions
diff --git a/Makefile.am b/Makefile.am
index 0fc5b44..eb642c0 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -2,14 +2,18 @@ cfgdir = $(datadir)/vyatta-cfg/templates
share_perl5dir = /opt/vyatta/share/perl5/Vyatta/IpTables
curverdir = $(sysconfdir)/config-migrate/current
modprobedir = /etc/modprobe.d
+checkparamsonrebootdir = $(bindir)/sudo-users/check-params-on-reboot.d
modprobe_DATA = etc/modprobe.d/vyatta_nf_conntrack.conf
modprobe_DATA += etc/modprobe.d/vyatta_xt_recent.conf
+checkparamsonreboot_SCRIPTS =
sbin_SCRIPTS =
share_perl5_DATA =
curver_DATA = cfg-version/firewall@4
+checkparamsonreboot_SCRIPTS += scripts/check-params-on-reboot.d/conntrack-hash-size
+
sbin_SCRIPTS += scripts/firewall/vyatta-firewall.pl
sbin_SCRIPTS += scripts/firewall/firewall.init
sbin_SCRIPTS += scripts/firewall/vyatta-ipset.pl
diff --git a/debian/vyatta-cfg-firewall.install b/debian/vyatta-cfg-firewall.install
index 633b9e0..57cc62b 100644
--- a/debian/vyatta-cfg-firewall.install
+++ b/debian/vyatta-cfg-firewall.install
@@ -1,4 +1,5 @@
etc/modprobe.d
+opt/vyatta/bin/sudo-users/check-params-on-reboot.d
opt/vyatta/sbin
opt/vyatta/etc
opt/vyatta/share/perl5
diff --git a/scripts/check-params-on-reboot.d/conntrack-hash-size b/scripts/check-params-on-reboot.d/conntrack-hash-size
new file mode 100755
index 0000000..6b3ba83
--- /dev/null
+++ b/scripts/check-params-on-reboot.d/conntrack-hash-size
@@ -0,0 +1,20 @@
+#!/bin/sh
+#
+# fix conntrack-hash-size on reboot
+#
+
+BOOTFILE=$1
+cthash_cfg=$(cli-shell-api cfReturnValue $BOOTFILE firewall conntrack-hash-size)
+
+if [ -z "$cthash_cfg" ]; then
+ cthash_cfg=4096 # default hashsize value that Vyatta ships
+fi
+
+if ! grep -q "nf_conntrack hashsize=$cthash_cfg$" \
+ /etc/modprobe.d/vyatta_nf_conntrack.conf
+then
+ sudo sh -c "sed -i -e '/options nf_conntrack hashsize/d' \
+ /etc/modprobe.d/vyatta_nf_conntrack.conf"
+ sudo sh -c "echo options nf_conntrack hashsize=$cthash_cfg >> \
+ /etc/modprobe.d/vyatta_nf_conntrack.conf"
+fi
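Review bot: The value read from the boot file is never checked to be a number before it is expanded into a command string that a root shell re-parses, in `sudo sh -c "echo options nf_conntrack hashsize=$cthash_cfg >> …"`. It is also used as part of the grep pattern. Whether `cli-shell-api cfReturnValue` already guarantees an integer is not visible here, so the script should enforce it by replacing the `-z` test with `case "$cthash_cfg" in ''|*[!0-9]*) cthash_cfg=4096 ;; esac`, or by exiting non-zero on a non-numeric value if silently using the default is not wanted. `$BOOTFILE` should be quoted as `"$BOOTFILE"` in the `cli-shell-api` call so that a path containing spaces or glob characters is passed as one argument.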