authorStig Thormodsrud <stig@vyatta.com>2009-04-13 12:30:30 -0700
committerStig Thormodsrud <stig@vyatta.com>2009-04-13 12:30:30 -0700
commit4b77669da9c2c16db3f5a3696335bab386f4cf11 (patch)
tree2a287b4312e123ecc4411ada81de161c75c1ee19 /templates
parentf7d5ec8f1a6d0552d2aff417ff2064dea0fed4de (diff)
downloadvyatta-cfg-firewall-4b77669da9c2c16db3f5a3696335bab386f4cf11.tar.gz
vyatta-cfg-firewall-4b77669da9c2c16db3f5a3696335bab386f4cf11.zip
Move firewall "end" processing down to each table.
Fix bug for global enable/disable of conntrack.
Diffstat (limited to 'templates')
-rw-r--r--templates/firewall/ipv6-modify/node.def2
-rw-r--r--templates/firewall/ipv6-name/node.def2
-rw-r--r--templates/firewall/modify/node.def2
-rw-r--r--templates/firewall/name/node.def2
-rw-r--r--templates/firewall/node.def3
5 files changed, 9 insertions, 2 deletions
diff --git a/templates/firewall/ipv6-modify/node.def b/templates/firewall/ipv6-modify/node.def
index b7c9f0a..fe32a27 100644
--- a/templates/firewall/ipv6-modify/node.def
+++ b/templates/firewall/ipv6-modify/node.def
@@ -12,4 +12,6 @@ syntax:expression: pattern $VAR(@) "^[^-]" ; "Firewall rule set name cannot star
syntax:expression: pattern $VAR(@) "^[^;]*$" ; "Firewall rule set name cannot contain ';'"
+end: sudo /opt/vyatta/sbin/vyatta-firewall.pl --update-rules ipv6-modify
+
help: Set IPv6 modify rule set name
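Review bot: The `end:` action added here sits on what appears to be a tag node (`$VAR(@)` is the rule set name), so it may run once per changed rule set rather than once per table, each time re-processing the whole `ipv6-modify` tree; please confirm this against the config backend. The same applies to the identical lines added in ipv6-name, modify and name. Splitting the single root-level `--update-rules` call into four independent invocations also means one table can fail after the others were already applied, leaving the running ruleset only partly in line with the committed configuration. The operator only sees that if vyatta-firewall.pl exits non-zero and the commit reports it, which nothing in this hunk shows. A shell comment in the action body, as the root node.def already uses, would record the expectation: `# per-table update; script must exit non-zero on failure so the commit is flagged`.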
diff --git a/templates/firewall/ipv6-name/node.def b/templates/firewall/ipv6-name/node.def
index 609132c..2774a28 100644
--- a/templates/firewall/ipv6-name/node.def
+++ b/templates/firewall/ipv6-name/node.def
@@ -12,4 +12,6 @@ syntax:expression: pattern $VAR(@) "^[^-]" ; "Firewall rule set name cannot star
syntax:expression: pattern $VAR(@) "^[^;]*$" ; "Firewall rule set name cannot contain ';'"
+end: sudo /opt/vyatta/sbin/vyatta-firewall.pl --update-rules ipv6-name
+
help: Set IPv6 firewall rule set name
diff --git a/templates/firewall/modify/node.def b/templates/firewall/modify/node.def
index cdd0d04..e8f4665 100644
--- a/templates/firewall/modify/node.def
+++ b/templates/firewall/modify/node.def
@@ -12,4 +12,6 @@ syntax:expression: pattern $VAR(@) "^[^-]" ; "Modify rule set name cannot start
syntax:expression: pattern $VAR(@) "^[^;]*$" ; "Firewall rule set name cannot contain ';'"
+end: sudo /opt/vyatta/sbin/vyatta-firewall.pl --update-rules modify
+
help: Set IPv4 modify rule set name
diff --git a/templates/firewall/name/node.def b/templates/firewall/name/node.def
index b7c6489..7f4c9e1 100644
--- a/templates/firewall/name/node.def
+++ b/templates/firewall/name/node.def
@@ -12,4 +12,6 @@ syntax:expression: pattern $VAR(@) "^[^-]" ; "Firewall rule set name cannot star
syntax:expression: pattern $VAR(@) "^[^;]*$" ; "Firewall rule set name cannot contain ';'"
+end: sudo /opt/vyatta/sbin/vyatta-firewall.pl --update-rules name
+
help: Set IPv4 firewall rule set name
diff --git a/templates/firewall/node.def b/templates/firewall/node.def
index 3bb1bfc..406248e 100644
--- a/templates/firewall/node.def
+++ b/templates/firewall/node.def
@@ -1,7 +1,6 @@
help: Configure firewall
-end: sudo /opt/vyatta/sbin/vyatta-firewall.pl --update-rules
- if [ ${COMMIT_ACTION} = 'DELETE' ]; then
+end: if [ ${COMMIT_ACTION} = 'DELETE' ]; then
sudo /opt/vyatta/sbin/vyatta-firewall.pl --teardown
# set conntrack table size to standard 16384 entries if firewall disabled
sudo sh -c "echo 16384 > /proc/sys/net/nf_conntrack_max"
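Review bot: The rewritten test `[ ${COMMIT_ACTION} = 'DELETE' ]` leaves the variable unquoted, so if COMMIT_ACTION is ever empty or unset the test collapses to `[ = 'DELETE' ]`, reports an error and skips the teardown branch; `end: if [ "${COMMIT_ACTION}" = 'DELETE' ]; then` avoids that. With `--update-rules` removed from the root node, deleting the whole firewall presumably now runs the per-table `end:` actions first and `--teardown` here afterwards, so the ordering and the resulting rule state on a full delete are worth confirming. The `if` block continues past the end of the hunk, so the non-delete path is not visible here.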