diff options
| author | Mohit Mehta <mohit.mehta@vyatta.com> | 2010-07-13 18:49:55 -0700 |
|---|---|---|
| committer | Mohit Mehta <mohit.mehta@vyatta.com> | 2010-07-13 18:49:55 -0700 |
| commit | 76caaf8d611724e43d2de5e65a3ced27d33cbb7a (patch) | |
| tree | ee11baa2506f3d75559f49b188632441dbc9695e /lib/Vyatta/IpTables/IpSet.pm | |
| parent | 2faab450f91fe7bb727bafdaeee98a09b11f01fb (diff) | |
| download | vyatta-cfg-firewall-76caaf8d611724e43d2de5e65a3ced27d33cbb7a.tar.gz vyatta-cfg-firewall-76caaf8d611724e43d2de5e65a3ced27d33cbb7a.zip | |
Fix Bug 5744 unable to use firewall group with recent match condition
* use --match-set instead of --set for ipset match
* re-arrange rules when ipset and recent match are used together. instead of
appending recent match conditions to the rule; place them before ipset
match conditions
* add debugging output to look at generated rules
Diffstat (limited to 'lib/Vyatta/IpTables/IpSet.pm')
| -rwxr-xr-x | lib/Vyatta/IpTables/IpSet.pm | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/Vyatta/IpTables/IpSet.pm b/lib/Vyatta/IpTables/IpSet.pm index f53202c..a8c455e 100755 --- a/lib/Vyatta/IpTables/IpSet.pm +++ b/lib/Vyatta/IpTables/IpSet.pm @@ -439,7 +439,7 @@ sub rule { return (undef, "Invalid direction [$direction]") if ! defined $srcdst; my $opt = ''; $opt = '!' if $self->{_negate}; - return (" -m set $opt --set $grp $srcdst ", ); + return (" -m set $opt --match-set $grp $srcdst ", ); } 1; |