diff options
| author | Stig Thormodsrud <stig@vyatta.com> | 2010-02-15 13:09:45 -0800 |
|---|---|---|
| committer | Stig Thormodsrud <stig@vyatta.com> | 2010-02-15 13:09:45 -0800 |
| commit | 1798758677bb5580efd7ba3799e9ff9ba97a7b88 (patch) | |
| tree | 2f966cd5f4d071eb3039df98d80092007af2f733 /lib | |
| parent | 4db871d983aed462c9c3967beeb6f797838019e8 (diff) | |
| download | vyatta-cfg-firewall-1798758677bb5580efd7ba3799e9ff9ba97a7b88.tar.gz vyatta-cfg-firewall-1798758677bb5580efd7ba3799e9ff9ba97a7b88.zip | |
Fix 5227: firewall group config can get out of sync with ipset
Diffstat (limited to 'lib')
| -rwxr-xr-x | lib/Vyatta/IpTables/IpSet.pm | 20 |
1 files changed, 11 insertions, 9 deletions
diff --git a/lib/Vyatta/IpTables/IpSet.pm b/lib/Vyatta/IpTables/IpSet.pm index 25cf74a..5f68950 100755 --- a/lib/Vyatta/IpTables/IpSet.pm +++ b/lib/Vyatta/IpTables/IpSet.pm @@ -300,39 +300,41 @@ sub member_exists { } sub add_member_range { - my ($self, $start, $stop) = @_; + my ($self, $start, $stop, $alias) = @_; if ($self->{_type} eq 'port') { foreach my $member ($start .. $stop) { - my $rc = $self->add_member($member); + my $rc = $self->add_member($member, $alias); return $rc if defined $rc; } } elsif ($self->{_type} eq 'address') { # $start_ip++ won't work if it doesn't know the # prefix, so we'll make a big range. - my $wrap_mask = $addr_range_mask - 1; - my $start_ip = new NetAddr::IP("$start/$wrap_mask"); - my $stop_ip = new NetAddr::IP($stop); + my $start_ip = new NetAddr::IP("$start/$addr_range_mask"); + my $stop_ip = new NetAddr::IP("$stop/$addr_range_mask"); for (; $start_ip <= $stop_ip; $start_ip++) { - my $rc = $self->add_member($start_ip->addr()); + my $rc = $self->add_member($start_ip->addr(), $alias); return $rc if defined $rc; + last if $start_ip->cidr() eq $start_ip->broadcast(); } } return; } sub add_member { - my ($self, $member) = @_; + my ($self, $member, $alias) = @_; return "Error: undefined group name" if ! defined $self->{_name}; return "Error: group [$self->{_name}] doesn't exists\n" if !$self->exists(); if ($member =~ /^([^-]+)-([^-]+)$/) { - return $self->add_member_range($1, $2); + return $self->add_member_range($1, $2, $alias); } if ($self->member_exists($member)) { - return "Error: member [$member] already exists in [$self->{_name}]\n"; + my $set_name = $alias; + $set_name = $self->{_name} if ! defined $set_name; + return "Error: member [$member] already exists in [$set_name]\n"; } my $cmd = "ipset -A $self->{_name} $member"; my $rc = $self->run_cmd($cmd); |