| author | Bob Gilligan <gilligan@vyatta.com> | 2009-03-04 11:55:40 -0800 |
|---|---|---|
| committer | Bob Gilligan <gilligan@vyatta.com> | 2009-03-04 11:55:40 -0800 |
| commit | 68c50c0fd6c97e89598fffae230127d249e94cf1 (patch) | |
| tree | 18c33e439ad8d04f48a0822a5c23df8fa9788c43 /scripts | |
| parent | 5c08813dd428ffb12f8a9ca1bb82dd446b82942f (diff) | |
Don't attempt to delete ruleset from "other" trees
When a ruleset was being applied to an interface, the code previously
attempted to find out if that ruleset name was being applied to that
same interface and in the same direction, but under a different "tree"
name (e.g. "name", "ipv6-name", "modify", etc.). If it found a match, it
would delete the other rule. But the matching logic
was insufficient, so it killed off some random other rule instead.
There is really no need to perform this check anyway, so I have
removed it.
Diffstat (limited to 'scripts')
| -rwxr-xr-x | scripts/firewall/vyatta-firewall.pl | 10 |
1 files changed, 1 insertions, 9 deletions
diff --git a/scripts/firewall/vyatta-firewall.pl b/scripts/firewall/vyatta-firewall.pl index 0f2e328..4c39156 100755 --- a/scripts/firewall/vyatta-firewall.pl +++ b/scripts/firewall/vyatta-firewall.pl @@ -88,15 +88,7 @@ if ($#updateints == 4) { "Rule set \"$chain\" is not configured\n"; exit 1; } - # chain must have been set up. no need to set up again. - # user may specify a chain in a different tree. try to delete it - # from the "other" trees first. - foreach my $other_tree (keys %table_hash) { - if ($other_tree ne $tree) { - update_ints('delete', $int_name, $direction, $chain, $tree, - $table_hash{$other_tree}, $cmd_hash{$other_tree}); - } - } + # do update action. update_ints(@updateints, $table, $iptables_cmd); } else { |
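Review bot: the first removed comment line, "chain must have been set up. no need to set up again.", still describes the state after the preceding "is not configured" check and applies to the remaining update_ints(@updateints, $table, $iptables_cmd) call, so consider keeping it beside "# do update action.". The removed loop passed $tree to update_ints while taking the table and command from $table_hash{$other_tree} and $cmd_hash{$other_tree}, which is consistent with the mismatch the commit message reports. With the loop gone, nothing in this hunk prevents the same interface and direction from carrying a ruleset under more than one tree, and the commit message says the check is unnecessary without saying why. A one-line comment naming what is relied on instead would help the next reader.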
