author | Stig Thormodsrud <stig@vyatta.com> | 2010-11-29 15:00:24 -0800 |
---|---|---|
committer | Stig Thormodsrud <stig@vyatta.com> | 2010-11-29 15:00:24 -0800 |
commit | 020a6b9a4fa6047770363f562e4601c6e9f09ffd (patch) | |
tree | fa83ea44147e6107f5d078c7aac307ae7bbae2ba /lib | |
parent | adc2eab545a33da7414b9a733525be8f88207385 (diff) | |
parent | 10b4ae65d1dff403f447609a9aa0c221a2212658 (diff) | |
Merge branch 'mendocino' of http://git.vyatta.com/vyatta-cfg-firewall into mendocino
Diffstat (limited to 'lib')
-rwxr-xr-x | lib/Vyatta/IpTables/Mgr.pm | 18 |
1 files changed, 9 insertions, 9 deletions
diff --git a/lib/Vyatta/IpTables/Mgr.pm b/lib/Vyatta/IpTables/Mgr.pm
index f5ea655..5b3c9b4 100755
--- a/lib/Vyatta/IpTables/Mgr.pm
+++ b/lib/Vyatta/IpTables/Mgr.pm
@@ -38,7 +38,7 @@ sub ipt_find_chain_rule {
 my ($num, $chain2) = (undef, undef);
 my $cmd = "$iptables_cmd -t $table -L $chain -vn --line";
- my @lines = `$cmd 2> /dev/null | egrep ^[0-9]`;
+ my @lines = `sudo $cmd 2> /dev/null | egrep ^[0-9]`;
 if (scalar(@lines) < 1) {
 return;
 }
@@ -60,12 +60,12 @@ my %conntrack_hook_hash =
 sub ipt_enable_conntrack {
 my ($iptables_cmd, $chain) = @_;
- system("$iptables_cmd -t raw -L $chain -n >& /dev/null");
+ system("sudo $iptables_cmd -t raw -L $chain -n >& /dev/null");
 if ($? >> 8) {
 # chain does not exist yet. set up conntrack.
- system("$iptables_cmd -t raw -N $chain");
- system("$iptables_cmd -t raw -A $chain -j ACCEPT");
+ system("sudo $iptables_cmd -t raw -N $chain");
+ system("sudo $iptables_cmd -t raw -A $chain -j ACCEPT");
 foreach my $label ('PREROUTING', 'OUTPUT') {
 my $index;
@@ -77,7 +77,7 @@ sub ipt_enable_conntrack {
 return 1;
 }
 $index++;
- system("$iptables_cmd -t raw -I $label $index -j $chain");
+ system("sudo $iptables_cmd -t raw -I $label $index -j $chain");
 }
 }
 return 0;
@@ -97,11 +97,11 @@ sub ipt_disable_conntrack {
 . "[$label][$chain]\n";
 return 1;
 }
- system("$iptables_cmd -t raw -D $label $index");
+ system("sudo $iptables_cmd -t raw -D $label $index");
 }
- system("$iptables_cmd -t raw -F $chain >& /dev/null");
- system("$iptables_cmd -t raw -X $chain >& /dev/null");
+ system("sudo $iptables_cmd -t raw -F $chain >& /dev/null");
+ system("sudo $iptables_cmd -t raw -X $chain >& /dev/null");
 return 0;
 }
@@ -133,7 +133,7 @@ sub chain_referenced {
 my ( $table, $chain, $iptables_cmd ) = @_;
 my $cmd = "$iptables_cmd -t $table -n -L $chain";
- my $line = `$cmd 2>/dev/null |head -n1`;
+ my $line = `sudo $cmd 2>/dev/null |head -n1`;
 chomp $line;
 my $found = 0;
 if ( $line =~ m/^Chain $chain \((\d+) references\)$/ ) { |
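Review bot: The backtick command in ipt_find_chain_rule (hunk `@@ -38,7 +38,7 @@`) is still built by interpolating `$iptables_cmd`, `$table` and `$chain` into a shell string, and with the added `sudo` any shell metacharacter in those values is now interpreted on a command line that runs as root. The same applies to every `system("sudo …")` string in ipt_enable_conntrack and ipt_disable_conntrack and to the backticks in chain_referenced. Where these values originate is not visible in the diff; if any of them can carry configuration-supplied names, they should be checked against an allow-list pattern and passed as a list so that no shell parses them. The fence sketches the list form for this call; it assumes `$iptables_cmd` is a bare program name, filters in Perl instead of through `egrep`, and no longer discards stderr. The function starts and ends outside the hunk.

```perl
# … unchanged: $num / $chain2 and $cmd setup …
open(my $ipt, '-|', 'sudo', $iptables_cmd, '-t', $table,
     '-L', $chain, '-vn', '--line')
    or return;
my @lines = grep { /^[0-9]/ } <$ipt>;
close($ipt);
# … unchanged: empty-result check …
```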
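Review bot: In ipt_enable_conntrack (hunk `@@ -60,12 +60,12 @@`) the test `if ($? >> 8)` now also fires when `sudo` itself exits non-zero, for example when no sudoers rule allows the command, so a privilege failure is treated as "chain does not exist yet". The `-N`, `-A` and, in the following hunk, `-I` calls ignore their exit status, and ipt_disable_conntrack's `-D`/`-F`/`-X` calls do the same before `return 0`, so the caller can be told conntrack was set up or torn down when nothing changed. Checking each call, e.g. `system("sudo $iptables_cmd -t raw -N $chain") == 0 or return 1;`, keeps the return-1-on-error convention already visible in these functions. Using `sudo -n` would additionally make a missing rule fail immediately instead of prompting. The function body continues past this hunk.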
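Review bot: In chain_referenced (hunk `@@ -133,7 +133,7 @@`) `$chain` is interpolated unquoted into the pattern `m/^Chain $chain \((\d+) references\)$/`, so a chain name containing regex metacharacters is matched as a pattern rather than literally; `m/^Chain \Q$chain\E \((\d+) references\)$/` avoids that. Separately, with the new `sudo` prefix a failed sudo yields an empty `$line`, which does not match and presumably leaves `$found` at 0, i.e. "not referenced". The rest of the function is outside the hunk, so whether callers act on that result, for instance by removing the chain, should be confirmed. A comment above the backticks such as `# empty output means the listing failed, not that the chain is unreferenced` would make the distinction explicit.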