-rwxr-xr-xscripts/firewall/vyatta-ipset.pl1
-rw-r--r--templates/firewall/ipv6-name/node.def10
2 files changed, 7 insertions, 4 deletions
diff --git a/scripts/firewall/vyatta-ipset.pl b/scripts/firewall/vyatta-ipset.pl
index e5b2fd1..65e0325 100755
--- a/scripts/firewall/vyatta-ipset.pl
+++ b/scripts/firewall/vyatta-ipset.pl
@@ -352,7 +352,6 @@ sub prune_deleted_sets {
my $type = $group->get_type();
my $family = $group->get_family();
($family eq 'inet') ? $cfg->setLevel("firewall group $type-group") : $cfg->setLevel("firewall group ipv6-$type-group");
- $cfg->setLevel("firewall group $type-group");
next if ($cfg->isEffective($set)); # don't prune if still in config
my $rc;
$rc = ipset_delete($set);
diff --git a/templates/firewall/ipv6-name/node.def b/templates/firewall/ipv6-name/node.def
index e7e1167..2e20b9a 100644
--- a/templates/firewall/ipv6-name/node.def
+++ b/templates/firewall/ipv6-name/node.def
@@ -14,17 +14,21 @@ syntax:expression: ! pattern $VAR(@) "^VZONE" ; \
end: if sudo /opt/vyatta/sbin/vyatta-firewall.pl --update-rules "firewall ipv6-name" "$VAR(@)" ;
then
- if [ ${COMMIT_ACTION} = 'DELETE' ] ;
+ if [ ${COMMIT_ACTION} = 'DELETE' ] ;
then
if sudo /opt/vyatta/sbin/vyatta-firewall.pl --teardown-ok "firewall ipv6-name" ;
then
- sudo /opt/vyatta/sbin/vyatta-firewall.pl --teardown "firewall ipv6-name"
+ if sudo /opt/vyatta/sbin/vyatta-firewall.pl --teardown "firewall ipv6-name"; then
+ ${vyatta_sbindir}/vyatta-firewall-trap.pl --level="firewall ipv6-name $VAR(@)"
+ fi
fi
+ else
+ ${vyatta_sbindir}/vyatta-firewall-trap.pl --level="firewall ipv6-name $VAR(@)"
fi
else
exit 1;
fi
- ${vyatta_sbindir}/vyatta-firewall-trap.pl --level="firewall ipv6-name $VAR(@)"
+ sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=prune-deleted-sets
create: sudo /opt/vyatta/sbin/vyatta-firewall.pl --setup ip6tables "firewall ipv6-name"
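Review bot: A failed `--teardown` is silently dropped in the new DELETE branch, because the inner `if sudo /opt/vyatta/sbin/vyatta-firewall.pl --teardown ...; then` has no `else`. Control then falls through to the added `vyatta-ipset.pl --action=prune-deleted-sets` line, and as the last command of the `end:` block its exit status is presumably what the commit reports. Adding `else exit 1` after the trap call, as the outer `--update-rules` branch already does, would keep a partially torn-down ip6tables state from being reported as a successful commit. The re-indented test also still leaves `${COMMIT_ACTION}` unquoted; `if [ "${COMMIT_ACTION}" = 'DELETE' ] ;` avoids a `[` error that would silently take the non-delete path if the variable is ever empty.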