author | Stig Thormodsrud <stig@vyatta.com> | 2010-03-18 19:44:41 -0700 |
---|---|---|
committer | Stig Thormodsrud <stig@vyatta.com> | 2010-03-18 19:44:41 -0700 |
commit | ce3389b3cafa928fd2468705c049ef958f5f4266 (patch) | |
tree | ad90ec0f77c6d7c22416591ece600fbdf3f7794a /templates/firewall/group/address-group | |
parent | a3997491b17f5451f44ea77359e4a2f7c2fc3555 (diff) | |
download | vyatta-cfg-firewall-ce3389b3cafa928fd2468705c049ef958f5f4266.tar.gz vyatta-cfg-firewall-ce3389b3cafa928fd2468705c049ef958f5f4266.zip |
Fix firewall group parent delete while still referenced.
Diffstat (limited to 'templates/firewall/group/address-group')
-rw-r--r-- | templates/firewall/group/address-group/node.tag/address/node.def | 19 |
1 files changed, 16 insertions, 3 deletions
diff --git a/templates/firewall/group/address-group/node.tag/address/node.def b/templates/firewall/group/address-group/node.tag/address/node.def
index d5f85b0..ff743f9 100644
--- a/templates/firewall/group/address-group/node.tag/address/node.def
+++ b/templates/firewall/group/address-group/node.tag/address/node.def
@@ -11,7 +11,8 @@ syntax:expression: exec "sudo /opt/vyatta/sbin/vyatta-ipset.pl \
 create: tmpgrp=$VAR(../@)-$PPID
 tmpfile="/tmp/$VAR(../@)-$PPID";
- if [ "$COMMIT_SIBLING_POSITION" = "FIRST" ] || [ "$COMMIT_SIBLING_POSITION" = "FIRSTLAST" ] ; then
+ if [ "$COMMIT_SIBLING_POSITION" = "FIRST" ] || \
+ [ "$COMMIT_SIBLING_POSITION" = "FIRSTLAST" ] ; then
 sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=is-set-empty \
 --set-name=$VAR(../@)
 if [ $? != 0 ]; then
@@ -32,13 +33,25 @@ create: tmpgrp=$VAR(../@)-$PPID
 exit 1;
 fi;
- if [ "$COMMIT_SIBLING_POSITION" = "LAST" ] || [ "$COMMIT_SIBLING_POSITION" = "FIRSTLAST" ] ; then
+ if [ "$COMMIT_SIBLING_POSITION" = "LAST" ] || \
+ [ "$COMMIT_SIBLING_POSITION" = "FIRSTLAST" ] ; then
 sudo ipset --swap $tmpgrp "$VAR(../@)";
 sudo ipset --destroy $tmpgrp;
 rm -f $tmpfile;
 fi;
-delete: sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=delete-member \
+delete: sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=is-group-deleted \
+ --set-name=$VAR(../@) --set-type=address;
+ if [ $? == 0 ] ; then
+ sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=is-group-used \
+ --set-name=$VAR(../@) --set-type=address
+ if [ $? == 0 ] ; then
+ echo "Error: group [$VAR(../@)] still in use."
+ exit 1;
+ fi
+ fi
+
+ sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=delete-member \
 --set-name=$VAR(../@) \
 --member="$VAR(@)" |
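Review bot: The in-use guard added to the `delete:` action in the second hunk fails open: both tests are `if [ $? == 0 ]`, so any non-zero exit from `vyatta-ipset.pl`, presumably including an unexpected script error and not only a "no" answer, falls through to `--action=delete-member`. `==` inside `[ ]` is also a bash extension, while the `create:` action in this same file uses `=` and `!=`; if these actions were ever run by a strict POSIX `sh`, the test itself would error and the guard would be skipped, so `if [ $? = 0 ] ; then` is the safer spelling. The added `--set-name=$VAR(../@)` arguments are unquoted although the neighbouring `sudo ipset --swap $tmpgrp "$VAR(../@)"` quotes the same value; unless the group name is restricted to a safe character set by validation outside this hunk, `--set-name="$VAR(../@)" --set-type=address` would be consistent with that line. The `create:` action starts before the hunk, and the `delete:` action may continue past its last line.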