-rw-r--r--lib/Vyatta/IpTables/Rule.pm15
-rw-r--r--templates/firewall/name/node.tag/rule/node.tag/disable/node.def1
2 files changed, 16 insertions, 0 deletions
diff --git a/lib/Vyatta/IpTables/Rule.pm b/lib/Vyatta/IpTables/Rule.pm
index 9cbd303..ad9bfad 100644
--- a/lib/Vyatta/IpTables/Rule.pm
+++ b/lib/Vyatta/IpTables/Rule.pm
@@ -37,6 +37,7 @@ my %fields = (
_gnu => undef,
_kazaa => undef,
},
+ _disable => undef,
);
my %dummy_rule = (
@@ -69,6 +70,7 @@ my %dummy_rule = (
_gnu => undef,
_kazaa => undef,
},
+ _disable => undef,
);
sub new {
@@ -126,6 +128,8 @@ sub setup {
$self->{_p2p}->{_gnu} = $config->exists("p2p gnutella");
$self->{_p2p}->{_kazaa} = $config->exists("p2p kazaa");
+ $self->{_disable} = $config->exists("disable");
+
# TODO: need $config->exists("$level source") in Vyatta::Config.pm
$src->setup("$level source");
$dst->setup("$level destination");
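Review bot: The `_disable` flag stored here, and in the matching `setupOrig` hunk, is later tested with `defined` in `is_stateful`, `is_disabled`, `get_num_ipt_rules` and `rule`, so it only works if `$config->exists` / `existsOrig` return undef when the node is absent. Vyatta::Config is not visible in this diff; if either method ever returned a defined false value such as 0 or '', every rule would be treated as disabled and no iptables rules would be emitted for it. A truthiness test does not depend on that contract, e.g. `return 0 if $self->{_disable};`. The body of `setup` continues outside the hunk.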
@@ -171,6 +175,8 @@ sub setupOrig {
$self->{_p2p}->{_gnu} = $config->existsOrig("p2p gnutella");
$self->{_p2p}->{_kazaa} = $config->existsOrig("p2p kazaa");
+ $self->{_disable} = $config->existsOrig("disable");
+
# TODO: need $config->exists("$level source") in Vyatta::Config.pm
$src->setupOrig("$level source");
$dst->setupOrig("$level destination");
@@ -199,6 +205,7 @@ sub print {
sub is_stateful {
my $self = shift;
+ return 0 if defined $self->{_disable};
my @states = qw(established new related invalid);
foreach (@states) {
if (defined($self->{_state}->{"_$_"})
@@ -209,6 +216,12 @@ sub is_stateful {
return 0;
}
+sub is_disabled {
+ my $self = shift;
+ return 1 if defined $self->{_disable};
+ return 0;
+}
+
sub get_state_str {
my $self = shift;
my @states = qw(established new related invalid);
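Review bot: `is_disabled` is added here, but the guards in `is_stateful`, `get_num_ipt_rules` and `rule` repeat `defined $self->{_disable}` instead of calling it, so the meaning of "disabled" is spelled out in four places. Those guards could read `return 0 if $self->is_disabled();`, which keeps a later change to the test in one spot. The helper would also benefit from a one-line comment such as `# true when the rule carries a "disable" node and must generate no iptables rules`. `get_state_str` continues outside the hunk.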
@@ -230,6 +243,7 @@ sub get_state_str {
sub get_num_ipt_rules {
my $self = shift;
my $ipt_rules = 1;
+ return 0 if defined $self->{_disable};
if (("$self->{_log}" eq "enable") && (("$self->{_action}" eq "drop")
|| ("$self->{_action}" eq "accept")
|| ("$self->{_action}" eq "reject")
@@ -385,6 +399,7 @@ sub rule {
$rule2 = $recent_rule;
$recent_rule = undef;
}
+ return (undef, undef) if defined $self->{_disable};
return (undef, $rule, $rule2, $recent_rule, );
}
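Review bot: The disabled check in `rule` sits just before the final return, so the whole rule is still built for a disabled rule, and any error return earlier in the sub (not visible here) would presumably still fire. If a disabled rule should be skipped whatever its contents, the guard belongs at the top of `rule`; if validating disabled rules is intended, a comment saying so would make that clear. The `(undef, undef)` return gives callers neither an error nor a rule string, so each caller has to skip an undefined rule rather than pass it on to iptables. Those call sites are outside this diff and are worth checking together with `get_num_ipt_rules` now returning 0. The body of `rule` starts outside the hunk.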
diff --git a/templates/firewall/name/node.tag/rule/node.tag/disable/node.def b/templates/firewall/name/node.tag/rule/node.tag/disable/node.def
new file mode 100644
index 0000000..498a027
--- /dev/null
+++ b/templates/firewall/name/node.tag/rule/node.tag/disable/node.def
@@ -0,0 +1 @@
+help: Set firewall rule disabled
\ No newline at end of file