author Stig Thormodsrud <stig@vyatta.com> 2009-04-07 19:44:23 -0700
committer Stig Thormodsrud <stig@vyatta.com> 2009-04-07 19:44:23 -0700
commit 6cc3f2cb82db6de6685541ba6f177906ad2758be
tree 94e0ec72733264382c99d1322304638855fd5444 /templates/firewall
parent 7b5f6ad8cb6b48e7f0e8586be77c1a34e5c8d9cd
Apply interface firewalls to separate VYATTA_(IN|OUT)_HOOK.
This enforces in firewall to be processed before out firewall.
Diffstat (limited to 'templates/firewall')
-rw-r--r-- templates/firewall/node.def 14
1 files changed, 7 insertions, 7 deletions
diff --git a/templates/firewall/node.def b/templates/firewall/node.def
index 29c0992..3bb1bfc 100644
--- a/templates/firewall/node.def
+++ b/templates/firewall/node.def
@@ -1,12 +1,12 @@
help: Configure firewall
-end:
- sudo /opt/vyatta/sbin/vyatta-firewall.pl --update-rules
-
-create:
- sudo /opt/vyatta/sbin/vyatta-firewall.pl --setup
-
-delete:
+end: sudo /opt/vyatta/sbin/vyatta-firewall.pl --update-rules
+ if [ ${COMMIT_ACTION} = 'DELETE' ]; then
sudo /opt/vyatta/sbin/vyatta-firewall.pl --teardown
# set conntrack table size to standard 16384 entries if firewall disabled
sudo sh -c "echo 16384 > /proc/sys/net/nf_conntrack_max"
+ fi;
+
+create:
+ sudo /opt/vyatta/sbin/vyatta-firewall.pl --setup
+
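Review bot: In the new end: block, `if [ ${COMMIT_ACTION} = 'DELETE' ]; then` expands the variable unquoted, so an empty or unset COMMIT_ACTION leaves `[ = 'DELETE' ]`, which is a test syntax error rather than a clean false; quote it as `if [ "${COMMIT_ACTION}" = 'DELETE' ]; then`. Separately, with both calls in end:, --update-rules always runs first and --teardown second on a delete; if --update-rules is not meant to run against a firewall node that is being removed, move it into an else branch, and either way a short comment stating the intended order would help the next reader.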