summaryrefslogtreecommitdiff
path: root/templates/firewall/group
diff options
context:
space:
mode:
authorAn-Cheng Huang <ancheng@vyatta.com>2011-05-03 17:28:08 +0800
committerAn-Cheng Huang <ancheng@vyatta.com>2011-05-03 17:28:08 +0800
commit22d37f427054b52bd724c17d9656bca6dee7d3c5 (patch)
tree656383e504a44572561e93a93898f31409886423 /templates/firewall/group
parent6ce1a694e899ee9b99fd3ab55a6a156b6d76b91b (diff)
downloadvyatta-cfg-firewall-22d37f427054b52bd724c17d9656bca6dee7d3c5.tar.gz
vyatta-cfg-firewall-22d37f427054b52bd724c17d9656bca6dee7d3c5.zip
modify firewall groups to work with new commitnapa-dev
Diffstat (limited to 'templates/firewall/group')
-rw-r--r--templates/firewall/group/address-group/node.def11
-rw-r--r--templates/firewall/group/address-group/node.tag/address/node.def93
-rw-r--r--templates/firewall/group/network-group/node.def10
-rw-r--r--templates/firewall/group/network-group/node.tag/network/node.def18
-rw-r--r--templates/firewall/group/port-group/node.def11
-rw-r--r--templates/firewall/group/port-group/node.tag/port/node.def87
6 files changed, 6 insertions, 224 deletions
diff --git a/templates/firewall/group/address-group/node.def b/templates/firewall/group/address-group/node.def
index 40462fa..5b2e510 100644
--- a/templates/firewall/group/address-group/node.def
+++ b/templates/firewall/group/address-group/node.def
@@ -15,12 +15,5 @@ syntax:expression: pattern $VAR(@) "^[^!]" ; \
syntax:expression: pattern $VAR(@) "^[^|;&$<>]*$" ; \
"Firewall group name cannot contain shell punctuation"
-create: sudo /opt/vyatta/sbin/vyatta-ipset.pl \
- --action=create-set \
- --set-type=address \
- --set-name="$VAR(@)"
-
-
-delete: sudo /opt/vyatta/sbin/vyatta-ipset.pl \
- --action=delete-set \
- --set-name="$VAR(@)"
+end: sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=update-set \
+ --set-name="$VAR(@)" --set-type=address
diff --git a/templates/firewall/group/address-group/node.tag/address/node.def b/templates/firewall/group/address-group/node.tag/address/node.def
index a04dd5b..2629b9d 100644
--- a/templates/firewall/group/address-group/node.tag/address/node.def
+++ b/templates/firewall/group/address-group/node.tag/address/node.def
@@ -10,96 +10,3 @@ syntax:expression: exec "sudo /opt/vyatta/sbin/vyatta-ipset.pl \
--set-type=address \
--member=\"$VAR(@)\"; "
-create: tmpgrp=$VAR(../@)-$PPID
- len=${#tmpgrp}
- if [ "$len" -gt 31 ]; then
- tmpgrp=${tmpgrp: -31};
- if [[ "$tmpgrp" =~ ^- ]]; then
- tmpgrp=${tmpgrp/-/Z};
- fi
- fi
- tmpfile="/tmp/$tmpgrp";
-
- # echo create $VAR(@) $tmpgrp $COMMIT_SIBLING_POSITION
-
- if [ "$COMMIT_SIBLING_POSITION" = "FIRST" ] || \
- [ "$COMMIT_SIBLING_POSITION" = "FIRSTLAST" ] ; then
- sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=is-set-empty \
- --set-name=$VAR(../@)
- if [ $? != 0 ]; then
- # echo create $tmpfile;
- touch $tmpfile;
- fi;
- sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=copy-set \
- --set-name=$VAR(../@) --set-type=address --set-copy=$tmpgrp
- # echo create $tmpgrp
- fi;
-
- sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=add-member \
- --set-name="$tmpgrp" --member="$VAR(@)" --alias=$VAR(../@)
- if [ $? != 0 ]; then
- # echo error adding, destroy $tmpgrp
- sudo ipset --destroy $tmpgrp;
- if [ -e $tmpfile ]; then
- # echo destroy $VAR(../@)
- sudo ipset --destroy $VAR(../@);
- rm $tmpfile;
- fi;
- exit 1;
- fi;
-
- if [ "$COMMIT_SIBLING_POSITION" = "LAST" ] || \
- [ "$COMMIT_SIBLING_POSITION" = "FIRSTLAST" ] ; then
- # echo swap and destroy $tmpgrp
- sudo ipset --swap $tmpgrp "$VAR(../@)";
- sudo ipset --destroy $tmpgrp;
- rm -f $tmpfile;
- fi;
-
-delete: tmpgrp=$VAR(../@)-$PPID
- len=${#tmpgrp}
- if [ "$len" -gt 31 ]; then
- tmpgrp=${tmpgrp: -31};
- if [[ "$tmpgrp" =~ ^- ]]; then
- tmpgrp=${tmpgrp/-/Z};
- fi
- fi
- tmpfile="/tmp/$tmpgrp";
-
- # echo delete $VAR(@) $tmpgrp $COMMIT_SIBLING_POSITION
-
- if [ "$COMMIT_SIBLING_POSITION" = "FIRST" ] || \
- [ "$COMMIT_SIBLING_POSITION" = "FIRSTLAST" ] ; then
- sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=is-set-empty \
- --set-name=$VAR(../@)
- if [ $? != 0 ]; then
- # echo create $tmpfile;
- touch $tmpfile;
- fi;
- sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=copy-set \
- --set-name=$VAR(../@) --set-type=address --set-copy=$tmpgrp
- # echo create $tmpgrp
- fi;
-
- sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=is-group-deleted \
- --set-name=$VAR(../@) --set-type=address;
- if [ $? == 0 ] ; then
- sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=is-group-used \
- --set-name=$VAR(../@) --set-type=address
- if [ $? == 0 ] ; then
- echo "Error: group [$VAR(../@)] still in use."
- exit 1;
- fi
- fi
-
- sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=delete-member \
- --set-name=$tmpgrp \
- --member="$VAR(@)"
-
- if [ "$COMMIT_SIBLING_POSITION" = "LAST" ] || \
- [ "$COMMIT_SIBLING_POSITION" = "FIRSTLAST" ] ; then
- # echo swap and destroy $tmpgrp
- sudo ipset --swap $tmpgrp "$VAR(../@)";
- sudo ipset --destroy $tmpgrp;
- rm -f $tmpfile;
- fi;
diff --git a/templates/firewall/group/network-group/node.def b/templates/firewall/group/network-group/node.def
index e20b536..8e50b7d 100644
--- a/templates/firewall/group/network-group/node.def
+++ b/templates/firewall/group/network-group/node.def
@@ -15,12 +15,6 @@ syntax:expression: pattern $VAR(@) "^[^!]" ; \
syntax:expression: pattern $VAR(@) "^[^|;&$<>]*$" ; \
"Firewall group name cannot contain shell punctuation"
-create: sudo /opt/vyatta/sbin/vyatta-ipset.pl \
- --action=create-set \
- --set-type=network \
- --set-name="$VAR(@)"
+end: sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=update-set \
+ --set-name="$VAR(@)" --set-type=network
-
-delete: sudo /opt/vyatta/sbin/vyatta-ipset.pl \
- --action=delete-set \
- --set-name="$VAR(@)"
diff --git a/templates/firewall/group/network-group/node.tag/network/node.def b/templates/firewall/group/network-group/node.tag/network/node.def
index 4db4d49..7388561 100644
--- a/templates/firewall/group/network-group/node.tag/network/node.def
+++ b/templates/firewall/group/network-group/node.tag/network/node.def
@@ -12,21 +12,3 @@ syntax:expression: exec "sudo /opt/vyatta/sbin/vyatta-ipset.pl \
syntax:expression: exec " \
/opt/vyatta/sbin/check_prefix_boundary $VAR(@)" \
-create: sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=add-member \
- --set-name=$VAR(../@) \
- --member="$VAR(@)"
-
-delete: sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=is-group-deleted \
- --set-name=$VAR(../@) --set-type=network;
- if [ $? == 0 ] ; then
- sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=is-group-used \
- --set-name=$VAR(../@) --set-type=network
- if [ $? == 0 ] ; then
- echo "Error: group [$VAR(../@)] still in use."
- exit 1;
- fi
- fi
-
- sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=delete-member \
- --set-name=$VAR(../@) \
- --member="$VAR(@)"
diff --git a/templates/firewall/group/port-group/node.def b/templates/firewall/group/port-group/node.def
index 76fef9e..949403e 100644
--- a/templates/firewall/group/port-group/node.def
+++ b/templates/firewall/group/port-group/node.def
@@ -15,12 +15,5 @@ syntax:expression: pattern $VAR(@) "^[^!]" ; \
syntax:expression: pattern $VAR(@) "^[^|;&$<>]*$" ; \
"Firewall group name cannot contain shell punctuation"
-create: sudo /opt/vyatta/sbin/vyatta-ipset.pl \
- --action=create-set \
- --set-type=port \
- --set-name="$VAR(@)"
-
-
-delete: sudo /opt/vyatta/sbin/vyatta-ipset.pl \
- --action=delete-set \
- --set-name="$VAR(@)"
+end: sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=update-set \
+ --set-name="$VAR(@)" --set-type=port
diff --git a/templates/firewall/group/port-group/node.tag/port/node.def b/templates/firewall/group/port-group/node.tag/port/node.def
index 6e657c4..7a9b867 100644
--- a/templates/firewall/group/port-group/node.tag/port/node.def
+++ b/templates/firewall/group/port-group/node.tag/port/node.def
@@ -11,90 +11,3 @@ syntax:expression: exec "sudo /opt/vyatta/sbin/vyatta-ipset.pl \
--set-name=$VAR(../@) \
--set-type=port \
--member=\"$VAR(@)\"; "
-
-create: tmpgrp=$VAR(../@)-$PPID
- len=${#tmpgrp}
- if [ "$len" -gt 31 ]; then
- tmpgrp=${tmpgrp: -31};
- if [[ "$tmpgrp" =~ ^- ]]; then
- tmpgrp=${tmpgrp/-/Z};
- fi
- fi
- tmpfile="/tmp/$tmpgrp";
-
- if [ "$COMMIT_SIBLING_POSITION" = "FIRST" ] || \
- [ "$COMMIT_SIBLING_POSITION" = "FIRSTLAST" ] ; then
- sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=is-set-empty \
- --set-name=$VAR(../@)
- if [ $? != 0 ]; then
- touch $tmpfile;
- fi;
- sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=copy-set \
- --set-name=$VAR(../@) --set-type=port --set-copy=$tmpgrp
- fi;
-
- sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=add-member \
- --set-name="$tmpgrp" --member="$VAR(@)" --alias=$VAR(../@)
- if [ $? != 0 ]; then
- sudo ipset --destroy $tmpgrp;
- if [ -e $tmpfile ]; then
- sudo ipset --destroy $VAR(../@);
- rm $tmpfile;
- fi;
- exit 1;
- fi;
-
- if [ "$COMMIT_SIBLING_POSITION" = "LAST" ] || \
- [ "$COMMIT_SIBLING_POSITION" = "FIRSTLAST" ] ; then
- sudo ipset --swap $tmpgrp "$VAR(../@)";
- sudo ipset --destroy $tmpgrp;
- rm -f $tmpfile;
- fi;
-
-delete: tmpgrp=$VAR(../@)-$PPID
- len=${#tmpgrp}
- if [ "$len" -gt 31 ]; then
- tmpgrp=${tmpgrp: -31};
- if [[ "$tmpgrp" =~ ^- ]]; then
- tmpgrp=${tmpgrp/-/Z};
- fi
- fi
- tmpfile="/tmp/$tmpgrp";
-
- # echo delete $VAR(@) $tmpgrp $COMMIT_SIBLING_POSITION
-
- if [ "$COMMIT_SIBLING_POSITION" = "FIRST" ] || \
- [ "$COMMIT_SIBLING_POSITION" = "FIRSTLAST" ] ; then
- sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=is-set-empty \
- --set-name=$VAR(../@)
- if [ $? != 0 ]; then
- # echo create $tmpfile;
- touch $tmpfile;
- fi;
- sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=copy-set \
- --set-name=$VAR(../@) --set-type=port --set-copy=$tmpgrp
- # echo create $tmpgrp
- fi;
-
- sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=is-group-deleted \
- --set-name=$VAR(../@) --set-type=port;
- if [ $? == 0 ] ; then
- sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=is-group-used \
- --set-name=$VAR(../@) --set-type=port
- if [ $? == 0 ] ; then
- echo "Error: group [$VAR(../@)] still in use."
- exit 1;
- fi
- fi
-
- sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=delete-member \
- --set-name=$tmpgrp \
- --member="$VAR(@)"
-
- if [ "$COMMIT_SIBLING_POSITION" = "LAST" ] || \
- [ "$COMMIT_SIBLING_POSITION" = "FIRSTLAST" ] ; then
- # echo swap and destroy $tmpgrp
- sudo ipset --swap $tmpgrp "$VAR(../@)";
- sudo ipset --destroy $tmpgrp;
- rm -f $tmpfile;
- fi;