author | An-Cheng Huang <ancheng@vyatta.com> | 2011-05-03 17:28:08 +0800 |
---|---|---|
committer | An-Cheng Huang <ancheng@vyatta.com> | 2011-05-03 17:28:08 +0800 |
commit | 22d37f427054b52bd724c17d9656bca6dee7d3c5 (patch) | |
tree | 656383e504a44572561e93a93898f31409886423 /templates/firewall/group | |
parent | 6ce1a694e899ee9b99fd3ab55a6a156b6d76b91b (diff) | |
download | vyatta-cfg-firewall-22d37f427054b52bd724c17d9656bca6dee7d3c5.tar.gz vyatta-cfg-firewall-22d37f427054b52bd724c17d9656bca6dee7d3c5.zip |
modify firewall groups to work with new commitnapa-dev
Diffstat (limited to 'templates/firewall/group')
6 files changed, 6 insertions, 224 deletions
diff --git a/templates/firewall/group/address-group/node.def b/templates/firewall/group/address-group/node.def
index 40462fa..5b2e510 100644
--- a/templates/firewall/group/address-group/node.def
+++ b/templates/firewall/group/address-group/node.def
@@ -15,12 +15,5 @@ syntax:expression: pattern $VAR(@) "^[^!]" ; \
 syntax:expression: pattern $VAR(@) "^[^|;&$<>]*$" ; \
 "Firewall group name cannot contain shell punctuation"
-create: sudo /opt/vyatta/sbin/vyatta-ipset.pl \
- --action=create-set \
- --set-type=address \
- --set-name="$VAR(@)"
-
-
-delete: sudo /opt/vyatta/sbin/vyatta-ipset.pl \
- --action=delete-set \
- --set-name="$VAR(@)"
+end: sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=update-set \
+ --set-name="$VAR(@)" --set-type=address
diff --git a/templates/firewall/group/address-group/node.tag/address/node.def b/templates/firewall/group/address-group/node.tag/address/node.def
index a04dd5b..2629b9d 100644
--- a/templates/firewall/group/address-group/node.tag/address/node.def
+++ b/templates/firewall/group/address-group/node.tag/address/node.def
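Review bot: The new `end:` action in address-group/node.def removes the only guard that stopped a group from being deleted while a firewall rule still referenced it: the deleted member templates ran `is-group-used` and failed the commit with `Error: group [...] still in use.`, but nothing on the new side shows `update-set` performing that check before it removes the set. If `update-set` does not refuse the delete itself, a commit may remove an ipset that loaded rules still name, or at least loses the explicit error the user used to get, so the check should be reinstated in the script or kept as a `delete:` guard in the template. The same `end:` replacement appears in network-group/node.def and port-group/node.def. Because `end:` fires on both creation and deletion of the node, a comment above it would help the next maintainer, e.g. `# end: runs on create and delete; update-set must refuse to remove a set still referenced by a rule`.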
@@ -10,96 +10,3 @@ syntax:expression: exec "sudo /opt/vyatta/sbin/vyatta-ipset.pl \
 --set-type=address \
 --member=\"$VAR(@)\"; "
-create: tmpgrp=$VAR(../@)-$PPID
- len=${#tmpgrp}
- if [ "$len" -gt 31 ]; then
- tmpgrp=${tmpgrp: -31};
- if [[ "$tmpgrp" =~ ^- ]]; then
- tmpgrp=${tmpgrp/-/Z};
- fi
- fi
- tmpfile="/tmp/$tmpgrp";
-
- # echo create $VAR(@) $tmpgrp $COMMIT_SIBLING_POSITION
-
- if [ "$COMMIT_SIBLING_POSITION" = "FIRST" ] || \
- [ "$COMMIT_SIBLING_POSITION" = "FIRSTLAST" ] ; then
- sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=is-set-empty \
- --set-name=$VAR(../@)
- if [ $? != 0 ]; then
- # echo create $tmpfile;
- touch $tmpfile;
- fi;
- sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=copy-set \
- --set-name=$VAR(../@) --set-type=address --set-copy=$tmpgrp
- # echo create $tmpgrp
- fi;
-
- sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=add-member \
- --set-name="$tmpgrp" --member="$VAR(@)" --alias=$VAR(../@)
- if [ $? != 0 ]; then
- # echo error adding, destroy $tmpgrp
- sudo ipset --destroy $tmpgrp;
- if [ -e $tmpfile ]; then
- # echo destroy $VAR(../@)
- sudo ipset --destroy $VAR(../@);
- rm $tmpfile;
- fi;
- exit 1;
- fi;
-
- if [ "$COMMIT_SIBLING_POSITION" = "LAST" ] || \
- [ "$COMMIT_SIBLING_POSITION" = "FIRSTLAST" ] ; then
- # echo swap and destroy $tmpgrp
- sudo ipset --swap $tmpgrp "$VAR(../@)";
- sudo ipset --destroy $tmpgrp;
- rm -f $tmpfile;
- fi;
-
-delete: tmpgrp=$VAR(../@)-$PPID
- len=${#tmpgrp}
- if [ "$len" -gt 31 ]; then
- tmpgrp=${tmpgrp: -31};
- if [[ "$tmpgrp" =~ ^- ]]; then
- tmpgrp=${tmpgrp/-/Z};
- fi
- fi
- tmpfile="/tmp/$tmpgrp";
-
- # echo delete $VAR(@) $tmpgrp $COMMIT_SIBLING_POSITION
-
- if [ "$COMMIT_SIBLING_POSITION" = "FIRST" ] || \
- [ "$COMMIT_SIBLING_POSITION" = "FIRSTLAST" ] ; then
- sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=is-set-empty \
- --set-name=$VAR(../@)
- if [ $? != 0 ]; then
- # echo create $tmpfile;
- touch $tmpfile;
- fi;
- sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=copy-set \
- --set-name=$VAR(../@) --set-type=address --set-copy=$tmpgrp
- # echo create $tmpgrp
- fi;
-
- sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=is-group-deleted \
- --set-name=$VAR(../@) --set-type=address;
- if [ $? == 0 ] ; then
- sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=is-group-used \
- --set-name=$VAR(../@) --set-type=address
- if [ $? == 0 ] ; then
- echo "Error: group [$VAR(../@)] still in use."
- exit 1;
- fi
- fi
-
- sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=delete-member \
- --set-name=$tmpgrp \
- --member="$VAR(@)"
-
- if [ "$COMMIT_SIBLING_POSITION" = "LAST" ] || \
- [ "$COMMIT_SIBLING_POSITION" = "FIRSTLAST" ] ; then
- # echo swap and destroy $tmpgrp
- sudo ipset --swap $tmpgrp "$VAR(../@)";
- sudo ipset --destroy $tmpgrp;
- rm -f $tmpfile;
- fi;
diff --git a/templates/firewall/group/network-group/node.def b/templates/firewall/group/network-group/node.def
index e20b536..8e50b7d 100644
--- a/templates/firewall/group/network-group/node.def
+++ b/templates/firewall/group/network-group/node.def
@@ -15,12 +15,6 @@ syntax:expression: pattern $VAR(@) "^[^!]" ; \
 syntax:expression: pattern $VAR(@) "^[^|;&$<>]*$" ; \
 "Firewall group name cannot contain shell punctuation"
-create: sudo /opt/vyatta/sbin/vyatta-ipset.pl \
- --action=create-set \
- --set-type=network \
- --set-name="$VAR(@)"
+end: sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=update-set \
+ --set-name="$VAR(@)" --set-type=network
-
-delete: sudo /opt/vyatta/sbin/vyatta-ipset.pl \
- --action=delete-set \
- --set-name="$VAR(@)"
diff --git a/templates/firewall/group/network-group/node.tag/network/node.def b/templates/firewall/group/network-group/node.tag/network/node.def
index 4db4d49..7388561 100644
--- a/templates/firewall/group/network-group/node.tag/network/node.def
+++ b/templates/firewall/group/network-group/node.tag/network/node.def
@@ -12,21 +12,3 @@ syntax:expression: exec "sudo /opt/vyatta/sbin/vyatta-ipset.pl \
 syntax:expression: exec " \
 /opt/vyatta/sbin/check_prefix_boundary $VAR(@)" \
-create: sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=add-member \
- --set-name=$VAR(../@) \
- --member="$VAR(@)"
-
-delete: sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=is-group-deleted \
- --set-name=$VAR(../@) --set-type=network;
- if [ $? == 0 ] ; then
- sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=is-group-used \
- --set-name=$VAR(../@) --set-type=network
- if [ $? == 0 ] ; then
- echo "Error: group [$VAR(../@)] still in use."
- exit 1;
- fi
- fi
-
- sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=delete-member \
- --set-name=$VAR(../@) \
- --member="$VAR(@)"
diff --git a/templates/firewall/group/port-group/node.def b/templates/firewall/group/port-group/node.def
index 76fef9e..949403e 100644
--- a/templates/firewall/group/port-group/node.def
+++ b/templates/firewall/group/port-group/node.def
@@ -15,12 +15,5 @@ syntax:expression: pattern $VAR(@) "^[^!]" ; \
 syntax:expression: pattern $VAR(@) "^[^|;&$<>]*$" ; \
 "Firewall group name cannot contain shell punctuation"
-create: sudo /opt/vyatta/sbin/vyatta-ipset.pl \
- --action=create-set \
- --set-type=port \
- --set-name="$VAR(@)"
-
-
-delete: sudo /opt/vyatta/sbin/vyatta-ipset.pl \
- --action=delete-set \
- --set-name="$VAR(@)"
+end: sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=update-set \
+ --set-name="$VAR(@)" --set-type=port
diff --git a/templates/firewall/group/port-group/node.tag/port/node.def b/templates/firewall/group/port-group/node.tag/port/node.def
index 6e657c4..7a9b867 100644
--- a/templates/firewall/group/port-group/node.tag/port/node.def
+++ b/templates/firewall/group/port-group/node.tag/port/node.def
@@ -11,90 +11,3 @@ syntax:expression: exec "sudo /opt/vyatta/sbin/vyatta-ipset.pl \
 --set-name=$VAR(../@) \
 --set-type=port \
 --member=\"$VAR(@)\"; "
-
-create: tmpgrp=$VAR(../@)-$PPID
- len=${#tmpgrp}
- if [ "$len" -gt 31 ]; then
- tmpgrp=${tmpgrp: -31};
- if [[ "$tmpgrp" =~ ^- ]]; then
- tmpgrp=${tmpgrp/-/Z};
- fi
- fi
- tmpfile="/tmp/$tmpgrp";
-
- if [ "$COMMIT_SIBLING_POSITION" = "FIRST" ] || \
- [ "$COMMIT_SIBLING_POSITION" = "FIRSTLAST" ] ; then
- sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=is-set-empty \
- --set-name=$VAR(../@)
- if [ $? != 0 ]; then
- touch $tmpfile;
- fi;
- sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=copy-set \
- --set-name=$VAR(../@) --set-type=port --set-copy=$tmpgrp
- fi;
-
- sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=add-member \
- --set-name="$tmpgrp" --member="$VAR(@)" --alias=$VAR(../@)
- if [ $? != 0 ]; then
- sudo ipset --destroy $tmpgrp;
- if [ -e $tmpfile ]; then
- sudo ipset --destroy $VAR(../@);
- rm $tmpfile;
- fi;
- exit 1;
- fi;
-
- if [ "$COMMIT_SIBLING_POSITION" = "LAST" ] || \
- [ "$COMMIT_SIBLING_POSITION" = "FIRSTLAST" ] ; then
- sudo ipset --swap $tmpgrp "$VAR(../@)";
- sudo ipset --destroy $tmpgrp;
- rm -f $tmpfile;
- fi;
-
-delete: tmpgrp=$VAR(../@)-$PPID
- len=${#tmpgrp}
- if [ "$len" -gt 31 ]; then
- tmpgrp=${tmpgrp: -31};
- if [[ "$tmpgrp" =~ ^- ]]; then
- tmpgrp=${tmpgrp/-/Z};
- fi
- fi
- tmpfile="/tmp/$tmpgrp";
-
- # echo delete $VAR(@) $tmpgrp $COMMIT_SIBLING_POSITION
-
- if [ "$COMMIT_SIBLING_POSITION" = "FIRST" ] || \
- [ "$COMMIT_SIBLING_POSITION" = "FIRSTLAST" ] ; then
- sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=is-set-empty \
- --set-name=$VAR(../@)
- if [ $? != 0 ]; then
- # echo create $tmpfile;
- touch $tmpfile;
- fi;
- sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=copy-set \
- --set-name=$VAR(../@) --set-type=port --set-copy=$tmpgrp
- # echo create $tmpgrp
- fi;
-
- sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=is-group-deleted \
- --set-name=$VAR(../@) --set-type=port;
- if [ $? == 0 ] ; then
- sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=is-group-used \
- --set-name=$VAR(../@) --set-type=port
- if [ $? == 0 ] ; then
- echo "Error: group [$VAR(../@)] still in use."
- exit 1;
- fi
- fi
-
- sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=delete-member \
- --set-name=$tmpgrp \
- --member="$VAR(@)"
-
- if [ "$COMMIT_SIBLING_POSITION" = "LAST" ] || \
- [ "$COMMIT_SIBLING_POSITION" = "FIRSTLAST" ] ; then
- # echo swap and destroy $tmpgrp
- sudo ipset --swap $tmpgrp "$VAR(../@)";
- sudo ipset --destroy $tmpgrp;
- rm -f $tmpfile;
- fi; |