-rwxr-xr-x | lib/Vyatta/IpTables/Mgr.pm | 18 | ||||
-rwxr-xr-x | scripts/firewall/vyatta-firewall.pl | 20 |
2 files changed, 19 insertions, 19 deletions
diff --git a/lib/Vyatta/IpTables/Mgr.pm b/lib/Vyatta/IpTables/Mgr.pm
index ff468cb..678fb39 100755
--- a/lib/Vyatta/IpTables/Mgr.pm
+++ b/lib/Vyatta/IpTables/Mgr.pm
@@ -29,7 +29,8 @@ use warnings;
 use base 'Exporter';
 our @EXPORT = qw(ipt_find_chain_rule ipt_enable_conntrack
- ipt_disable_conntrack count_iptables_rules);
+ ipt_disable_conntrack count_iptables_rules
+ chain_referenced);
 sub ipt_find_chain_rule {
@@ -114,4 +115,19 @@ sub count_iptables_rules {
 return $cnt;
 }
+sub chain_referenced {
+ my ( $table, $chain, $iptables_cmd ) = @_;
+
+ my $cmd = "$iptables_cmd -t $table -n -L $chain";
+ my $line = `$cmd 2>/dev/null |head -n1`;
+ chomp $line;
+ my $found = 0;
+ if ( $line =~ m/^Chain $chain \((\d+) references\)$/ ) {
+ if ( $1 > 0 ) {
+ $found = 1;
+ }
+ }
+ return $found;
+}
+
 1;
diff --git a/scripts/firewall/vyatta-firewall.pl b/scripts/firewall/vyatta-firewall.pl
index ac2b312..32fa380 100755
--- a/scripts/firewall/vyatta-firewall.pl
+++ b/scripts/firewall/vyatta-firewall.pl
@@ -363,7 +363,7 @@ sub update_rules {
 log_msg "$tree $name = deleted\n";
 # delete the chain
- if (chain_referenced($table, $name, $iptables_cmd)) {
+ if (Vyatta::IpTables::Mgr::chain_referenced($table, $name, $iptables_cmd)) {
 # disallow deleting a chain if it's still referenced
 print STDERR 'Firewall config error: ' . "Cannot delete rule set \"$name\" (still in use)\n";
@@ -766,22 +766,6 @@ sub setup_chain {
 }
 }
-sub chain_referenced {
- my ($table, $chain, $iptables_cmd) = @_;
-
- my $cmd = "$iptables_cmd -t $table -n -L $chain";
- my $line = `$cmd 2>/dev/null |head -n1`;
- chomp $line;
- my $found = 0;
- if ($line =~ m/^Chain $chain \((\d+) references\)$/) {
- if ($1 > 0) {
- $found = 1;
- }
- }
- log_msg "chain_referenced [$cmd] = $found\n";
- return $found;
-}
-
 sub chain_referenced_count {
 my ($table, $chain, $iptables_cmd) = @_;
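Review bot: The new exported `chain_referenced` in Mgr.pm (hunk `@@ -114,4 +115,19 @@`) still interpolates `$table`, `$chain` and `$iptables_cmd` into a backtick command, so the shell parses any metacharacter in a caller-supplied chain name, and exporting the sub from a shared module widens the set of callers that depend on it being safe. The same `$chain` goes unquoted into `m/^Chain $chain .../`, where regex metacharacters in the name change what matches; `\Q$chain\E` makes the match literal. A list-form pipe open hands the arguments to exec without a shell or `head`, as sketched below, assuming `$iptables_cmd` is a bare program name (its definition is not visible in this diff); stderr is then no longer discarded and would need separate handling. The move also drops the `log_msg "chain_referenced [$cmd] = $found\n"` trace that the script-local version emitted, which is worth restoring at the call sites if that record is relied on.

```perl
sub chain_referenced {
    my ( $table, $chain, $iptables_cmd ) = @_;

    # List-form pipe open: arguments reach exec() directly, no shell parsing.
    open( my $fh, '-|', $iptables_cmd, '-t', $table, '-n', '-L', $chain )
        or return 0;
    my $line = <$fh>;
    close $fh;    # exit status ignored, as the backtick version ignored it
    return 0 unless defined $line;
    chomp $line;

    # \Q...\E: match the chain name literally, not as a pattern.
    if ( $line =~ m/^Chain \Q$chain\E \((\d+) references\)$/ ) {
        return $1 > 0 ? 1 : 0;
    }
    return 0;
}
```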
@@ -804,7 +788,7 @@ sub delete_chain {
 my $configured = `$iptables_cmd -t $table -n -L $chain 2>&1 | head -1`;
 if ($configured =~ /^Chain $chain/) {
- if (!chain_referenced($table, $chain, $iptables_cmd)) {
+ if (!Vyatta::IpTables::Mgr::chain_referenced($table, $chain, $iptables_cmd)) {
 run_cmd("$iptables_cmd -t $table --flush $chain", 0, 0);
 die "$iptables_cmd error: $table $chain --flush: $!" if ($? >> 8);
 run_cmd("$iptables_cmd -t $table --delete-chain $chain", 0, 0); |