diff options
author | Mohit Mehta <mohit@vyatta.com> | 2012-02-24 19:02:24 -0800 |
---|---|---|
committer | Mohit Mehta <mohit@vyatta.com> | 2012-02-24 19:09:52 -0800 |
commit | 5b0c60a45ac748d4bd670c8c8ce01f719c9a8259 (patch) | |
tree | b4faea44c473f0bc6e046c426adbff0fbec2b847 /templates | |
parent | 2ddf45aff7672525f66bbf2e642b85cbca25b0a3 (diff) | |
download | vyatta-cfg-firewall-5b0c60a45ac748d4bd670c8c8ce01f719c9a8259.tar.gz vyatta-cfg-firewall-5b0c60a45ac748d4bd670c8c8ce01f719c9a8259.zip |
Bug Fix for 7751, 7753, 7757
Add commit checks for 'state-policy' sub-tree
Diffstat (limited to 'templates')
7 files changed, 22 insertions, 0 deletions
diff --git a/templates/firewall/state-policy/established/log/node.def b/templates/firewall/state-policy/established/log/node.def index 78125ae..aaa47bb 100644 --- a/templates/firewall/state-policy/established/log/node.def +++ b/templates/firewall/state-policy/established/log/node.def @@ -1 +1,4 @@ help: Option to log packets part of an established connection + +commit:expression: $VAR(./enable) != ""; + "Need to set 'enable' to log packets part of an established connection" diff --git a/templates/firewall/state-policy/established/node.def b/templates/firewall/state-policy/established/node.def index 8a199e2..2aa7526 100644 --- a/templates/firewall/state-policy/established/node.def +++ b/templates/firewall/state-policy/established/node.def @@ -1 +1,4 @@ help: Global firewall policy for packets part of an established connection + +commit:expression: $VAR(./action/) != ""; + "No action set for state 'established'" diff --git a/templates/firewall/state-policy/invalid/log/node.def b/templates/firewall/state-policy/invalid/log/node.def index cfd56b3..73a3915 100644 --- a/templates/firewall/state-policy/invalid/log/node.def +++ b/templates/firewall/state-policy/invalid/log/node.def @@ -1 +1,4 @@ help: Option to log packets part of an invalid connection + +commit:expression: $VAR(./enable) != ""; + "Need to set 'enable' to log packets part of an invalid connection" diff --git a/templates/firewall/state-policy/invalid/node.def b/templates/firewall/state-policy/invalid/node.def index 71bbf20..2495327 100644 --- a/templates/firewall/state-policy/invalid/node.def +++ b/templates/firewall/state-policy/invalid/node.def @@ -1 +1,4 @@ help: Global firewall policy for packets part of an invalid connection + +commit:expression: $VAR(./action/) != ""; + "No action set for state 'invalid'" diff --git a/templates/firewall/state-policy/node.def b/templates/firewall/state-policy/node.def index a745c31..230f090 100644 --- a/templates/firewall/state-policy/node.def +++ b/templates/firewall/state-policy/node.def @@ -1,6 +1,10 @@ priority: 200 help: Global firewall state-policy +commit:expression: $VAR(./established) != "" || $VAR(./related) != "" + || $VAR(./invalid) != ""; + "No policy set for either 'established', 'related', or 'invalid' state" + begin: if ! /opt/vyatta/sbin/vyatta-fw-global-state-policy.pl \ --action=state-policy-validity-checks; then \ diff --git a/templates/firewall/state-policy/related/log/node.def b/templates/firewall/state-policy/related/log/node.def index 245928b..9647b60 100644 --- a/templates/firewall/state-policy/related/log/node.def +++ b/templates/firewall/state-policy/related/log/node.def @@ -1 +1,4 @@ help: Option to log packets part of a related connection + +commit:expression: $VAR(./enable) != ""; + "Need to set 'enable' to log packets part of a related connection" diff --git a/templates/firewall/state-policy/related/node.def b/templates/firewall/state-policy/related/node.def index df8d7c0..9e4d7dd 100644 --- a/templates/firewall/state-policy/related/node.def +++ b/templates/firewall/state-policy/related/node.def @@ -1 +1,4 @@ help: Global firewall policy for packets part of a related connection + +commit:expression: $VAR(./action/) != ""; + "No action set for state 'related'" |