diff options
| author | Stig Thormodsrud <stig@vyatta.com> | 2009-06-15 18:07:12 -0700 |
|---|---|---|
| committer | Stig Thormodsrud <stig@vyatta.com> | 2009-06-15 18:10:41 -0700 |
| commit | ab23370a369bb999eba110b50423eb36136a1bcd (patch) | |
| tree | dbe523136ff766c34f8adcd5b894b665cc139850 /lib/Vyatta | |
| parent | 2715618badc802857ca005f329f45d5583588bd7 (diff) | |
| download | vyatta-cfg-firewall-ab23370a369bb999eba110b50423eb36136a1bcd.tar.gz vyatta-cfg-firewall-ab23370a369bb999eba110b50423eb36136a1bcd.zip | |
Fix negate of firewall group.
Diffstat (limited to 'lib/Vyatta')
| -rwxr-xr-x | lib/Vyatta/IpTables/IpSet.pm | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/lib/Vyatta/IpTables/IpSet.pm b/lib/Vyatta/IpTables/IpSet.pm index 60ec2f2..a0038c2 100755 --- a/lib/Vyatta/IpTables/IpSet.pm +++ b/lib/Vyatta/IpTables/IpSet.pm @@ -37,6 +37,7 @@ my %fields = ( _name => undef, _type => undef, # vyatta group type, not ipset type _exists => undef, + _negate => undef, _debug => undef, ); @@ -61,6 +62,10 @@ sub new { my $self = { %fields, }; + if ($name =~ m/^!/) { + $self->{_negate} = 1; + $name =~ s/^!(.*)$/$1/; + } $self->{_name} = $name; $self->{_type} = $type; @@ -402,6 +407,7 @@ sub get_firewall_references { $config->setLevel($rule_path); my $group_type = "$self->{_type}-group"; my $value = $config->returnOrigValue($group_type); + $value =~ s/^!(.*)$/$1/ if defined $value; if (defined $value and $self->{_name} eq $value) { push @fw_refs, "$name-$rule-$dir"; } @@ -427,7 +433,9 @@ sub rule { $srcdst = 'dst' if $direction eq 'destination'; return (undef, "Invalid direction [$direction]") if ! defined $srcdst; - return (" -m set --set $grp $srcdst ", ); + my $opt = ''; + $opt = '!' if $self->{_negate}; + return (" -m set $opt --set $grp $srcdst ", ); } 1; |