authorDaniil Baturin <daniil@baturin.org>2014-08-02 00:05:39 +0200
committerDaniil Baturin <daniil@baturin.org>2014-08-02 00:05:39 +0200
commit183af305ee2be78c9320d1e7bf83d365e9759f89 (patch)
tree2f9afed7ce2c980d8566d44fb55d98e013eb24a1 /lib
parent4ccf4e5b4a2d265b19107e12635dd1b06ee0a164 (diff)
Bug #128: do not call ipset for every port/address in range.
ipset now supports adding ranges natively. Deletion still requires deleting every member in this version though.
Diffstat (limited to 'lib')
-rwxr-xr-xlib/Vyatta/IpTables/IpSet.pm28
1 files changed, 0 insertions, 28 deletions
diff --git a/lib/Vyatta/IpTables/IpSet.pm b/lib/Vyatta/IpTables/IpSet.pm
index b8cfb38..5222edc 100755
--- a/lib/Vyatta/IpTables/IpSet.pm
+++ b/lib/Vyatta/IpTables/IpSet.pm
@@ -388,40 +388,12 @@ sub member_exists {
return $rc ? 0 : 1;
}
-sub add_member_range {
- my ($self, $start, $stop, $alias) = @_;
-
- if ($self->{_type} eq 'port') {
- foreach my $member ($start .. $stop) {
- my $rc = $self->add_member($member, $alias);
- return $rc if defined $rc;
- }
- } elsif ($self->{_type} eq 'address') {
- # $start_ip++ won't work if it doesn't know the
- # prefix, so we'll make a big range.
- my $start_ip = new NetAddr::IP("$start/$addr_range_mask");
- my $stop_ip = new NetAddr::IP("$stop/$addr_range_mask");
- for (; $start_ip <= $stop_ip; $start_ip++) {
- my $rc = $self->add_member($start_ip->addr(), $alias);
- return $rc if defined $rc;
- last if $start_ip->cidr() eq $start_ip->broadcast();
- }
- }
- return;
-}
-
sub add_member {
my ($self, $member, $alias, $hyphenated_port) = @_;
return "Error: undefined group name" if ! defined $self->{_name};
return "Error: group [$self->{_name}] doesn't exists\n" if !$self->exists();
- # service name or port name may contain a hyphen, which needs to be escaped
- # using square brackets in ipset, to avoid confusion with port ranges
- if (($member =~ /^([^-]+)-([^-]+)$/) and ((defined ($hyphenated_port)) and ($hyphenated_port eq 'false'))) {
- return $self->add_member_range($1, $2, $alias);
- }
-
if ($self->member_exists($member)) {
my $set_name = $alias;
$set_name = $self->{_name} if ! defined $set_name;
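Review bot: With the range branch removed, `add_member` now passes a hyphenated `$member` unchanged to `$self->member_exists($member)`, so the duplicate check tests the range string instead of each element. It is worth confirming that the test behind `member_exists` accepts a range for both the 'port' and 'address' set types, since that code is not visible in this hunk. `$hyphenated_port` is still unpacked from `@_`, but its only visible use is gone; if nothing later in the body reads it, add a comment such as `# $hyphenated_port is kept for caller compatibility; ranges are now passed to ipset unchanged`. The commit message says deletion still removes members one at a time, so a short comment in `add_member` stating that the delete path must expand a range to the same members ipset adds would help keep stale entries out of a firewall group. The rest of `add_member` lies outside the hunk.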