authorMohit Mehta <mohit@vyatta.com>2010-11-11 18:02:06 -0800
committerMohit Mehta <mohit@vyatta.com>2010-11-11 18:02:06 -0800
commit36ab7a16aaa90e5a4daf84001d40741f440878bf (patch)
treef369afbb512d48715ce68758714139bb8a8e6328 /lib/Vyatta
parent3d6d650b1d185a20be83dce660409b25cb244140 (diff)
Fix Bug 6421: cannot set content-inspection in the same direction for two or more interfaces
* Invoke all iptables commands using sudo in the Mgr module. This also fixes the bug where chain_referenced was returning the wrong value due to a permissions issue.
Diffstat (limited to 'lib/Vyatta')
-rwxr-xr-xlib/Vyatta/IpTables/Mgr.pm18
1 files changed, 9 insertions, 9 deletions
diff --git a/lib/Vyatta/IpTables/Mgr.pm b/lib/Vyatta/IpTables/Mgr.pm
index f5ea655..5b3c9b4 100755
--- a/lib/Vyatta/IpTables/Mgr.pm
+++ b/lib/Vyatta/IpTables/Mgr.pm
@@ -38,7 +38,7 @@ sub ipt_find_chain_rule {
my ($num, $chain2) = (undef, undef);
my $cmd = "$iptables_cmd -t $table -L $chain -vn --line";
- my @lines = `$cmd 2> /dev/null | egrep ^[0-9]`;
+ my @lines = `sudo $cmd 2> /dev/null | egrep ^[0-9]`;
if (scalar(@lines) < 1) {
return;
}
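Review bot: The sudo-prefixed command is still one interpolated string that backticks pass to /bin/sh, so `$iptables_cmd`, `$table` and `$chain` are parsed by a shell and the resulting words reach iptables as root. Where those values come from is not visible in this hunk, but unless they are validated upstream the list form is safer, and it also removes the unquoted `egrep ^[0-9]` glob: `open(my $ipt, '-|', 'sudo', $iptables_cmd, '-t', $table, '-L', $chain, '-vn', '--line') or return;` followed by `my @lines = grep { /^[0-9]/ } <$ipt>;`. That form no longer discards stderr, which is arguably useful now that sudo can fail. The same string-to-shell pattern is in every `system()` call in ipt_enable_conntrack and ipt_disable_conntrack and in the backticks in chain_referenced. The function starts and ends outside this hunk.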
@@ -60,12 +60,12 @@ my %conntrack_hook_hash =
sub ipt_enable_conntrack {
my ($iptables_cmd, $chain) = @_;
- system("$iptables_cmd -t raw -L $chain -n >& /dev/null");
+ system("sudo $iptables_cmd -t raw -L $chain -n >& /dev/null");
if ($? >> 8) {
# chain does not exist yet. set up conntrack.
- system("$iptables_cmd -t raw -N $chain");
- system("$iptables_cmd -t raw -A $chain -j ACCEPT");
+ system("sudo $iptables_cmd -t raw -N $chain");
+ system("sudo $iptables_cmd -t raw -A $chain -j ACCEPT");
foreach my $label ('PREROUTING', 'OUTPUT') {
my $index;
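Review bot: The existence probe on the first `system()` line treats any non-zero exit as "chain does not exist yet", and with sudo in front that now includes sudo itself refusing the command (for example a missing sudoers entry). The `-N` and `-A` calls then run with their results ignored, so a privilege failure can leave the raw table half set up without any error. Check each call, e.g. `system(...) == 0 or return 1;`, which matches the `return 1` error path visible in the next hunk. The same unchecked pattern applies to the `-I` call in the next hunk and the `-D`/`-F`/`-X` calls in ipt_disable_conntrack. The function body continues outside this hunk.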
@@ -77,7 +77,7 @@ sub ipt_enable_conntrack {
return 1;
}
$index++;
- system("$iptables_cmd -t raw -I $label $index -j $chain");
+ system("sudo $iptables_cmd -t raw -I $label $index -j $chain");
}
}
return 0;
@@ -97,11 +97,11 @@ sub ipt_disable_conntrack {
. "[$label][$chain]\n";
return 1;
}
- system("$iptables_cmd -t raw -D $label $index");
+ system("sudo $iptables_cmd -t raw -D $label $index");
}
- system("$iptables_cmd -t raw -F $chain >& /dev/null");
- system("$iptables_cmd -t raw -X $chain >& /dev/null");
+ system("sudo $iptables_cmd -t raw -F $chain >& /dev/null");
+ system("sudo $iptables_cmd -t raw -X $chain >& /dev/null");
return 0;
}
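Review bot: The `>& /dev/null` redirection on the `-F` and `-X` lines (and on the probe in ipt_enable_conntrack) is a bash/csh form, while Perl's single-string `system()` runs the command through /bin/sh. A strictly POSIX sh such as dash rejects it as a syntax error, so the iptables command would never run and the function would still return 0. If /bin/sh on the target is not guaranteed to be bash, write `>/dev/null 2>&1` instead. The function starts outside this hunk.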
@@ -133,7 +133,7 @@ sub chain_referenced {
my ( $table, $chain, $iptables_cmd ) = @_;
my $cmd = "$iptables_cmd -t $table -n -L $chain";
- my $line = `$cmd 2>/dev/null |head -n1`;
+ my $line = `sudo $cmd 2>/dev/null |head -n1`;
chomp $line;
my $found = 0;
if ( $line =~ m/^Chain $chain \((\d+) references\)$/ ) {
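Review bot: `$chain` is interpolated into the match pattern unescaped, so a chain name containing regex metacharacters such as `.` or `+` can match the wrong header line or fail to match its own; use `m/^Chain \Q$chain\E \((\d+) references\)$/`. Separately, `2>/dev/null` still hides a sudo or iptables failure on the backtick line. In that case `$line` is empty and the function presumably reports the chain as unreferenced, the same wrong answer the commit message describes for the permissions case. Distinguishing "command failed" from "zero references" (for example by checking `$?` after the backticks) would keep a firewall chain from being treated as unused when it could not be inspected. The function continues past the end of this hunk.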