diff options
Diffstat (limited to 'templates/firewall/group/port-group')
| -rw-r--r-- | templates/firewall/group/port-group/node.def | 11 | ||||
| -rw-r--r-- | templates/firewall/group/port-group/node.tag/port/node.def | 87 |
2 files changed, 2 insertions, 96 deletions
diff --git a/templates/firewall/group/port-group/node.def b/templates/firewall/group/port-group/node.def index 76fef9e..949403e 100644 --- a/templates/firewall/group/port-group/node.def +++ b/templates/firewall/group/port-group/node.def @@ -15,12 +15,5 @@ syntax:expression: pattern $VAR(@) "^[^!]" ; \ syntax:expression: pattern $VAR(@) "^[^|;&$<>]*$" ; \ "Firewall group name cannot contain shell punctuation" -create: sudo /opt/vyatta/sbin/vyatta-ipset.pl \ - --action=create-set \ - --set-type=port \ - --set-name="$VAR(@)" - - -delete: sudo /opt/vyatta/sbin/vyatta-ipset.pl \ - --action=delete-set \ - --set-name="$VAR(@)" +end: sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=update-set \ + --set-name="$VAR(@)" --set-type=port diff --git a/templates/firewall/group/port-group/node.tag/port/node.def b/templates/firewall/group/port-group/node.tag/port/node.def index 6e657c4..7a9b867 100644 --- a/templates/firewall/group/port-group/node.tag/port/node.def +++ b/templates/firewall/group/port-group/node.tag/port/node.def @@ -11,90 +11,3 @@ syntax:expression: exec "sudo /opt/vyatta/sbin/vyatta-ipset.pl \ --set-name=$VAR(../@) \ --set-type=port \ --member=\"$VAR(@)\"; " - -create: tmpgrp=$VAR(../@)-$PPID - len=${#tmpgrp} - if [ "$len" -gt 31 ]; then - tmpgrp=${tmpgrp: -31}; - if [[ "$tmpgrp" =~ ^- ]]; then - tmpgrp=${tmpgrp/-/Z}; - fi - fi - tmpfile="/tmp/$tmpgrp"; - - if [ "$COMMIT_SIBLING_POSITION" = "FIRST" ] || \ - [ "$COMMIT_SIBLING_POSITION" = "FIRSTLAST" ] ; then - sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=is-set-empty \ - --set-name=$VAR(../@) - if [ $? != 0 ]; then - touch $tmpfile; - fi; - sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=copy-set \ - --set-name=$VAR(../@) --set-type=port --set-copy=$tmpgrp - fi; - - sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=add-member \ - --set-name="$tmpgrp" --member="$VAR(@)" --alias=$VAR(../@) - if [ $? != 0 ]; then - sudo ipset --destroy $tmpgrp; - if [ -e $tmpfile ]; then - sudo ipset --destroy $VAR(../@); - rm $tmpfile; - fi; - exit 1; - fi; - - if [ "$COMMIT_SIBLING_POSITION" = "LAST" ] || \ - [ "$COMMIT_SIBLING_POSITION" = "FIRSTLAST" ] ; then - sudo ipset --swap $tmpgrp "$VAR(../@)"; - sudo ipset --destroy $tmpgrp; - rm -f $tmpfile; - fi; - -delete: tmpgrp=$VAR(../@)-$PPID - len=${#tmpgrp} - if [ "$len" -gt 31 ]; then - tmpgrp=${tmpgrp: -31}; - if [[ "$tmpgrp" =~ ^- ]]; then - tmpgrp=${tmpgrp/-/Z}; - fi - fi - tmpfile="/tmp/$tmpgrp"; - - # echo delete $VAR(@) $tmpgrp $COMMIT_SIBLING_POSITION - - if [ "$COMMIT_SIBLING_POSITION" = "FIRST" ] || \ - [ "$COMMIT_SIBLING_POSITION" = "FIRSTLAST" ] ; then - sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=is-set-empty \ - --set-name=$VAR(../@) - if [ $? != 0 ]; then - # echo create $tmpfile; - touch $tmpfile; - fi; - sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=copy-set \ - --set-name=$VAR(../@) --set-type=port --set-copy=$tmpgrp - # echo create $tmpgrp - fi; - - sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=is-group-deleted \ - --set-name=$VAR(../@) --set-type=port; - if [ $? == 0 ] ; then - sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=is-group-used \ - --set-name=$VAR(../@) --set-type=port - if [ $? == 0 ] ; then - echo "Error: group [$VAR(../@)] still in use." - exit 1; - fi - fi - - sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=delete-member \ - --set-name=$tmpgrp \ - --member="$VAR(@)" - - if [ "$COMMIT_SIBLING_POSITION" = "LAST" ] || \ - [ "$COMMIT_SIBLING_POSITION" = "FIRSTLAST" ] ; then - # echo swap and destroy $tmpgrp - sudo ipset --swap $tmpgrp "$VAR(../@)"; - sudo ipset --destroy $tmpgrp; - rm -f $tmpfile; - fi; |