Make firewall syntax checks use the vyatta-util library

author: John Southworth <john.southworth@vyatta.com> 2012-06-02 21:05:15 -0700
committer: John Southworth <john.southworth@vyatta.com> 2012-06-02 21:05:15 -0700
commit: 8a08387990b286a67125317e500bc81a3838b454 (patch)
tree: 0b2e37d5c6f2572347a3a77c58e2942605d40523 /templates/firewall/group
parent: 892a2b9d6fb1274fbc2dd9489d154c516ffa074f (diff)
download: vyatta-cfg-firewall-8a08387990b286a67125317e500bc81a3838b454.tar.gz
vyatta-cfg-firewall-8a08387990b286a67125317e500bc81a3838b454.zip
3 files changed, 3 insertions, 15 deletions
diff --git a/templates/firewall/group/address-group/node.tag/address/node.def b/templates/firewall/group/address-group/node.tag/address/node.def
index 2629b9d..b5060ea 100644
--- a/templates/firewall/group/address-group/node.tag/address/node.def
+++ b/templates/firewall/group/address-group/node.tag/address/node.def
@@ -4,9 +4,5 @@ help: Address-group member
 val_help: ipv4; IPv4 address to match
 val_help: ipv4range; IPv4 range to match (e.g. 10.0.0.1-10.0.0.200)
 
-syntax:expression: exec "sudo /opt/vyatta/sbin/vyatta-ipset.pl \
-                           --action=check-member          \
-                           --set-name=$VAR(../@)          \
-                           --set-type=address             \
-                           --member=\"$VAR(@)\"; "
+syntax:expression: exec "/opt/vyatta/sbin/ipset-check-member address $VAR(@)"
 
diff --git a/templates/firewall/group/network-group/node.tag/network/node.def b/templates/firewall/group/network-group/node.tag/network/node.def
index 7388561..b3e0c18 100644
--- a/templates/firewall/group/network-group/node.tag/network/node.def
+++ b/templates/firewall/group/network-group/node.tag/network/node.def
@@ -3,11 +3,7 @@ type: ipv4net
 help: Network-group member
 val_help: ipv4net; IPv4 Subnet to match
 
-syntax:expression: exec "sudo /opt/vyatta/sbin/vyatta-ipset.pl \
-                           --action=check-member          \
-                           --set-name=$VAR(../@)          \
-                           --set-type=network             \
-                           --member=\"$VAR(@)\"; "
+syntax:expression: exec "/opt/vyatta/sbin/ipset-check-member network $VAR(@)"
 
 syntax:expression: exec "                                 \
           /opt/vyatta/sbin/check_prefix_boundary $VAR(@)" \
diff --git a/templates/firewall/group/port-group/node.tag/port/node.def b/templates/firewall/group/port-group/node.tag/port/node.def
index 7a9b867..5f310c2 100644
--- a/templates/firewall/group/port-group/node.tag/port/node.def
+++ b/templates/firewall/group/port-group/node.tag/port/node.def
@@ -6,8 +6,4 @@ val_help: <name>; Named port (any name in /etc/services, e.g., http)
 val_help: u32:1-65535; Numbered port
 val_help: <start>-<end>; Numbered port range (e.g. 1001-1050)
 
-syntax:expression: exec "sudo /opt/vyatta/sbin/vyatta-ipset.pl \
-                           --action=check-member          \
-                           --set-name=$VAR(../@)          \
-                           --set-type=port                \
-                           --member=\"$VAR(@)\"; "
+syntax:expression: exec "sudo /opt/vyatta/sbin/ipset-check-member port $VAR(@)"
author	John Southworth <john.southworth@vyatta.com>	2012-06-02 21:05:15 -0700
committer	John Southworth <john.southworth@vyatta.com>	2012-06-02 21:05:15 -0700
commit	8a08387990b286a67125317e500bc81a3838b454 (patch)
tree	0b2e37d5c6f2572347a3a77c58e2942605d40523 /templates/firewall/group
parent	892a2b9d6fb1274fbc2dd9489d154c516ffa074f (diff)
download	vyatta-cfg-firewall-8a08387990b286a67125317e500bc81a3838b454.tar.gz vyatta-cfg-firewall-8a08387990b286a67125317e500bc81a3838b454.zip