Fix ipt_disable_conntrack() to delete correct chain.

author: Stig Thormodsrud <stig@vyatta.com> 2010-06-11 10:20:38 -0700
committer: Stig Thormodsrud <stig@vyatta.com> 2010-06-11 10:20:38 -0700
commit: 403859f58ecca5a8277f6b343ca4813b497376da (patch)
tree: 043de5301a17d55fd6c9c1758daa8e2ebd088f52 /lib
parent: a5a471f04a7427d8f987cbd1e3bded0defb8c69c (diff)
download: vyatta-cfg-firewall-403859f58ecca5a8277f6b343ca4813b497376da.tar.gz
vyatta-cfg-firewall-403859f58ecca5a8277f6b343ca4813b497376da.zip
1 files changed, 8 insertions, 1 deletions
diff --git a/lib/Vyatta/IpTables/Mgr.pm b/lib/Vyatta/IpTables/Mgr.pm
index 5381d34..0e129da 100644..100755
--- a/lib/Vyatta/IpTables/Mgr.pm
+++ b/lib/Vyatta/IpTables/Mgr.pm
@@ -80,6 +80,7 @@ sub ipt_enable_conntrack {
             system("$iptables_cmd -t raw -I $label $index -j $chain");
         }
     }
+    return 0;
 }
 
 sub ipt_disable_conntrack {
@@ -90,12 +91,18 @@ sub ipt_disable_conntrack {
         my $index;
         my $conntrack_hook = $conntrack_hook_hash{$label};
         $index = ipt_find_chain_rule($iptables_cmd, 'raw',
-                                     $label, $conntrack_hook);
+                                     $label, $chain);
+        if (! defined($index)) {
+            print "Error: ipt_disable_conntrack failed to find "
+                  . "[$label][$chain]\n";
+            return 1;
+        }
         system("$iptables_cmd -t raw -D $label $index");
     }
     
     system("$iptables_cmd -t raw -F $chain >& /dev/null");
     system("$iptables_cmd -t raw -X $chain >& /dev/null");
+    return 0;
 }
 
 1;
author	Stig Thormodsrud <stig@vyatta.com>	2010-06-11 10:20:38 -0700
committer	Stig Thormodsrud <stig@vyatta.com>	2010-06-11 10:20:38 -0700
commit	403859f58ecca5a8277f6b343ca4813b497376da (patch)
tree	043de5301a17d55fd6c9c1758daa8e2ebd088f52 /lib
parent	a5a471f04a7427d8f987cbd1e3bded0defb8c69c (diff)
download	vyatta-cfg-firewall-403859f58ecca5a8277f6b343ca4813b497376da.tar.gz vyatta-cfg-firewall-403859f58ecca5a8277f6b343ca4813b497376da.zip