Move setup/teardown out from top-level firewall node.

Add refcnts to know when to teardown.

1 files changed, 14 insertions, 1 deletions

diff --git a/templates/firewall/ipv6-modify/node.def b/templates/firewall/ipv6-modify/node.def
index fe32a27..9ec8f34 100644
--- a/templates/firewall/ipv6-modify/node.def
+++ b/templates/firewall/ipv6-modify/node.def
@@ -12,6 +12,19 @@ syntax:expression: pattern $VAR(@) "^[^-]" ; "Firewall rule set name cannot star
 
 syntax:expression: pattern $VAR(@) "^[^;]*$" ; "Firewall rule set name cannot contain ';'"
 
-end: sudo /opt/vyatta/sbin/vyatta-firewall.pl --update-rules ipv6-modify
+end: if sudo /opt/vyatta/sbin/vyatta-firewall.pl --update-rules ipv6-modify "$VAR(@)" ;
+     then
+       if [ ${COMMIT_ACTION} = 'DELETE' ] ; 
+       then
+          if sudo /opt/vyatta/sbin/vyatta-firewall.pl --teardown-ok ipv6-modify ; 
+          then
+             sudo /opt/vyatta/sbin/vyatta-firewall.pl --teardown ipv6-modify
+          fi
+       fi
+     else
+       exit 1;
+     fi
+
+create: sudo /opt/vyatta/sbin/vyatta-firewall.pl --setup ip6tables
 
 help: Set IPv6 modify rule set name