summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorStig Thormodsrud <stig@vyatta.com>2010-06-11 10:20:38 -0700
committerStig Thormodsrud <stig@vyatta.com>2010-06-11 10:20:38 -0700
commit403859f58ecca5a8277f6b343ca4813b497376da (patch)
tree043de5301a17d55fd6c9c1758daa8e2ebd088f52 /lib
parenta5a471f04a7427d8f987cbd1e3bded0defb8c69c (diff)
downloadvyatta-cfg-firewall-403859f58ecca5a8277f6b343ca4813b497376da.tar.gz
vyatta-cfg-firewall-403859f58ecca5a8277f6b343ca4813b497376da.zip
Fix ipt_disable_conntrack() to delete correct chain.
Diffstat (limited to 'lib')
-rwxr-xr-x[-rw-r--r--]lib/Vyatta/IpTables/Mgr.pm9
1 files changed, 8 insertions, 1 deletions
diff --git a/lib/Vyatta/IpTables/Mgr.pm b/lib/Vyatta/IpTables/Mgr.pm
index 5381d34..0e129da 100644..100755
--- a/lib/Vyatta/IpTables/Mgr.pm
+++ b/lib/Vyatta/IpTables/Mgr.pm
@@ -80,6 +80,7 @@ sub ipt_enable_conntrack {
system("$iptables_cmd -t raw -I $label $index -j $chain");
}
}
+ return 0;
}
sub ipt_disable_conntrack {
@@ -90,12 +91,18 @@ sub ipt_disable_conntrack {
my $index;
my $conntrack_hook = $conntrack_hook_hash{$label};
$index = ipt_find_chain_rule($iptables_cmd, 'raw',
- $label, $conntrack_hook);
+ $label, $chain);
+ if (! defined($index)) {
+ print "Error: ipt_disable_conntrack failed to find "
+ . "[$label][$chain]\n";
+ return 1;
+ }
system("$iptables_cmd -t raw -D $label $index");
}
system("$iptables_cmd -t raw -F $chain >& /dev/null");
system("$iptables_cmd -t raw -X $chain >& /dev/null");
+ return 0;
}
1;