authorStig Thormodsrud <stig@vyatta.com>2009-04-24 16:18:14 -0700
committerStig Thormodsrud <stig@vyatta.com>2009-04-24 16:18:14 -0700
commit8a4b8a8238220a082d30364631d23da675a48361 (patch)
tree4a173137972e7b92d0c87ed91046f3329a30de53 /templates/firewall
parent974a9ed041c84d9023fd972c5dd6f3648afd6daf (diff)
downloadvyatta-cfg-firewall-8a4b8a8238220a082d30364631d23da675a48361.tar.gz
vyatta-cfg-firewall-8a4b8a8238220a082d30364631d23da675a48361.zip
Move setup/teardown out from top-level firewall node.
Add refcnts to know when to teardown.
Diffstat (limited to 'templates/firewall')
-rw-r--r--templates/firewall/ipv6-modify/node.def15
-rw-r--r--templates/firewall/ipv6-name/node.def15
-rw-r--r--templates/firewall/modify/node.def15
-rw-r--r--templates/firewall/name/node.def15
-rw-r--r--templates/firewall/node.def8
5 files changed, 57 insertions, 11 deletions
diff --git a/templates/firewall/ipv6-modify/node.def b/templates/firewall/ipv6-modify/node.def
index fe32a27..9ec8f34 100644
--- a/templates/firewall/ipv6-modify/node.def
+++ b/templates/firewall/ipv6-modify/node.def
@@ -12,6 +12,19 @@ syntax:expression: pattern $VAR(@) "^[^-]" ; "Firewall rule set name cannot star
syntax:expression: pattern $VAR(@) "^[^;]*$" ; "Firewall rule set name cannot contain ';'"
-end: sudo /opt/vyatta/sbin/vyatta-firewall.pl --update-rules ipv6-modify
+end: if sudo /opt/vyatta/sbin/vyatta-firewall.pl --update-rules ipv6-modify "$VAR(@)" ;
+ then
+ if [ ${COMMIT_ACTION} = 'DELETE' ] ;
+ then
+ if sudo /opt/vyatta/sbin/vyatta-firewall.pl --teardown-ok ipv6-modify ;
+ then
+ sudo /opt/vyatta/sbin/vyatta-firewall.pl --teardown ipv6-modify
+ fi
+ fi
+ else
+ exit 1;
+ fi
+
+create: sudo /opt/vyatta/sbin/vyatta-firewall.pl --setup ip6tables
help: Set IPv6 modify rule set name
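Review bot: The rule set name is spliced into the `end:` shell command as `"$VAR(@)"`, but the only visible validations are the two `syntax:expression` patterns rejecting a leading `-` and any `;`; if the `$VAR(@)` substitution is textual before the action runs under the shell, characters that stay special inside double quotes (`"`, `$`, backtick, `\`) are not excluded, so the quoting alone is not a complete guard. Consider replacing the deny-list with a positive allow-list, e.g. `syntax:expression: pattern $VAR(@) "^[A-Za-z0-9_][A-Za-z0-9_-]*$" ; "Firewall rule set name may only contain letters, digits, '_' and '-'"`, which subsumes both existing checks if it matches the names already in use. Separately, `${COMMIT_ACTION}` in the delete test is unquoted, so an unset variable produces a malformed test (`[ = 'DELETE' ]`) that silently skips teardown; write it as `if [ "${COMMIT_ACTION}" = 'DELETE' ] ;`. The same applies to the identical hunks in ipv6-name/node.def, modify/node.def and name/node.def. Whether --update-rules and --teardown-ok enforce the refcounts the commit message describes is decided in vyatta-firewall.pl and not visible here.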
diff --git a/templates/firewall/ipv6-name/node.def b/templates/firewall/ipv6-name/node.def
index 2774a28..363c6f3 100644
--- a/templates/firewall/ipv6-name/node.def
+++ b/templates/firewall/ipv6-name/node.def
@@ -12,6 +12,19 @@ syntax:expression: pattern $VAR(@) "^[^-]" ; "Firewall rule set name cannot star
syntax:expression: pattern $VAR(@) "^[^;]*$" ; "Firewall rule set name cannot contain ';'"
-end: sudo /opt/vyatta/sbin/vyatta-firewall.pl --update-rules ipv6-name
+end: if sudo /opt/vyatta/sbin/vyatta-firewall.pl --update-rules ipv6-name "$VAR(@)" ;
+ then
+ if [ ${COMMIT_ACTION} = 'DELETE' ] ;
+ then
+ if sudo /opt/vyatta/sbin/vyatta-firewall.pl --teardown-ok ipv6-name ;
+ then
+ sudo /opt/vyatta/sbin/vyatta-firewall.pl --teardown ipv6-name
+ fi
+ fi
+ else
+ exit 1;
+ fi
+
+create: sudo /opt/vyatta/sbin/vyatta-firewall.pl --setup ip6tables
help: Set IPv6 firewall rule set name
diff --git a/templates/firewall/modify/node.def b/templates/firewall/modify/node.def
index e8f4665..7dacdf9 100644
--- a/templates/firewall/modify/node.def
+++ b/templates/firewall/modify/node.def
@@ -12,6 +12,19 @@ syntax:expression: pattern $VAR(@) "^[^-]" ; "Modify rule set name cannot start
syntax:expression: pattern $VAR(@) "^[^;]*$" ; "Firewall rule set name cannot contain ';'"
-end: sudo /opt/vyatta/sbin/vyatta-firewall.pl --update-rules modify
+end: if sudo /opt/vyatta/sbin/vyatta-firewall.pl --update-rules modify "$VAR(@)" ;
+ then
+ if [ ${COMMIT_ACTION} = 'DELETE' ] ;
+ then
+ if sudo /opt/vyatta/sbin/vyatta-firewall.pl --teardown-ok modify ;
+ then
+ sudo /opt/vyatta/sbin/vyatta-firewall.pl --teardown modify
+ fi
+ fi
+ else
+ exit 1;
+ fi
+
+create: sudo /opt/vyatta/sbin/vyatta-firewall.pl --setup iptables
help: Set IPv4 modify rule set name
diff --git a/templates/firewall/name/node.def b/templates/firewall/name/node.def
index 7f4c9e1..08c0747 100644
--- a/templates/firewall/name/node.def
+++ b/templates/firewall/name/node.def
@@ -12,6 +12,19 @@ syntax:expression: pattern $VAR(@) "^[^-]" ; "Firewall rule set name cannot star
syntax:expression: pattern $VAR(@) "^[^;]*$" ; "Firewall rule set name cannot contain ';'"
-end: sudo /opt/vyatta/sbin/vyatta-firewall.pl --update-rules name
+end: if sudo /opt/vyatta/sbin/vyatta-firewall.pl --update-rules name "$VAR(@)" ;
+ then
+ if [ ${COMMIT_ACTION} = 'DELETE' ] ;
+ then
+ if sudo /opt/vyatta/sbin/vyatta-firewall.pl --teardown-ok name ;
+ then
+ sudo /opt/vyatta/sbin/vyatta-firewall.pl --teardown name
+ fi
+ fi
+ else
+ exit 1;
+ fi
+
+create: sudo /opt/vyatta/sbin/vyatta-firewall.pl --setup iptables
help: Set IPv4 firewall rule set name
diff --git a/templates/firewall/node.def b/templates/firewall/node.def
index 406248e..c52be12 100644
--- a/templates/firewall/node.def
+++ b/templates/firewall/node.def
@@ -1,11 +1,5 @@
help: Configure firewall
-end: if [ ${COMMIT_ACTION} = 'DELETE' ]; then
- sudo /opt/vyatta/sbin/vyatta-firewall.pl --teardown
- # set conntrack table size to standard 16384 entries if firewall disabled
+delete: # set conntrack table size to standard 16384 entries if firewall disabled
sudo sh -c "echo 16384 > /proc/sys/net/nf_conntrack_max"
- fi;
-
-create:
- sudo /opt/vyatta/sbin/vyatta-firewall.pl --setup