author | Stig Thormodsrud <stig@vyatta.com> | 2010-06-12 15:19:49 -0700 |
---|---|---|
committer | Stig Thormodsrud <stig@vyatta.com> | 2010-06-12 15:19:49 -0700 |
commit | 0ef8524ab2596e221555a9947446eaa5cefd497e (patch) | |
tree | e115f3d27fb5363a52c58e7070e4aa22255194f7 /scripts | |
parent | 7175b3045005170bbc946c63a97acda4c24debb8 (diff) | |
Dont create FW_CONNTRACK if it already exists.
Diffstat (limited to 'scripts')
-rwxr-xr-x | scripts/firewall/vyatta-firewall.pl | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/scripts/firewall/vyatta-firewall.pl b/scripts/firewall/vyatta-firewall.pl
index b09d159..eb115a6 100755
--- a/scripts/firewall/vyatta-firewall.pl
+++ b/scripts/firewall/vyatta-firewall.pl
@@ -695,8 +695,13 @@ sub setup_iptables {
 }
 # by default, nothing is tracked (the last rule in raw/PREROUTING).
- ipt_enable_conntrack($iptables_cmd, 'FW_CONNTRACK');
- disable_fw_conntrack($iptables_cmd);
+ my $cnt = count_iptables_rules('raw', 'FW_CONNTRACK', $iptables_cmd);
+ if ($cnt == 0) {
+ ipt_enable_conntrack($iptables_cmd, 'FW_CONNTRACK');
+ disable_fw_conntrack($iptables_cmd);
+ } else {
+ log_msg "FW_CONNTRACK exists $cnt\n";
+ }
 return 0;
 } |
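Review bot: The `$cnt == 0` test uses a rule count as a stand-in for "chain does not exist", so a FW_CONNTRACK chain that exists but is empty, or a count that came back 0 because the listing itself failed, would presumably take the create path again, while any non-zero count is accepted without checking that the chain is still reached from raw/PREROUTING; `count_iptables_rules` is not visible here, so what it returns in those cases should be confirmed. Since the stateful rules depend on this chain, the assumption deserves a comment above the test, e.g. `# non-zero count: chain was already set up elsewhere; keep its current tracking state`. The else-branch message would be more useful in a log if it named the command, e.g. `log_msg "$iptables_cmd: raw/FW_CONNTRACK already has $cnt rule(s), leaving it untouched\n";`, because `$iptables_cmd` is a parameter and the same line is otherwise emitted for every value it takes. The results of `ipt_enable_conntrack` and `disable_fw_conntrack` are still discarded before the unconditional `return 0;`, and the body of `setup_iptables` begins outside this hunk.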