Diffstat (limited to 'templates/firewall')
-rw-r--r-- | templates/firewall/ipv6-modify/node.def | 15 | ||||
-rw-r--r-- | templates/firewall/ipv6-name/node.def | 15 | ||||
-rw-r--r-- | templates/firewall/modify/node.def | 15 | ||||
-rw-r--r-- | templates/firewall/name/node.def | 15 | ||||
-rw-r--r-- | templates/firewall/node.def | 8 |
5 files changed, 57 insertions, 11 deletions
diff --git a/templates/firewall/ipv6-modify/node.def b/templates/firewall/ipv6-modify/node.def
index fe32a27..9ec8f34 100644
--- a/templates/firewall/ipv6-modify/node.def
+++ b/templates/firewall/ipv6-modify/node.def
@@ -12,6 +12,19 @@ syntax:expression: pattern $VAR(@) "^[^-]" ; "Firewall rule set name cannot star
 syntax:expression: pattern $VAR(@) "^[^;]*$" ; "Firewall rule set name cannot contain ';'"
-end: sudo /opt/vyatta/sbin/vyatta-firewall.pl --update-rules ipv6-modify
+end: if sudo /opt/vyatta/sbin/vyatta-firewall.pl --update-rules ipv6-modify "$VAR(@)" ;
+ then
+ if [ ${COMMIT_ACTION} = 'DELETE' ] ;
+ then
+ if sudo /opt/vyatta/sbin/vyatta-firewall.pl --teardown-ok ipv6-modify ;
+ then
+ sudo /opt/vyatta/sbin/vyatta-firewall.pl --teardown ipv6-modify
+ fi
+ fi
+ else
+ exit 1;
+ fi
+
+create: sudo /opt/vyatta/sbin/vyatta-firewall.pl --setup ip6tables
 help: Set IPv6 modify rule set name
diff --git a/templates/firewall/ipv6-name/node.def b/templates/firewall/ipv6-name/node.def
index 2774a28..363c6f3 100644
--- a/templates/firewall/ipv6-name/node.def
+++ b/templates/firewall/ipv6-name/node.def
@@ -12,6 +12,19 @@ syntax:expression: pattern $VAR(@) "^[^-]" ; "Firewall rule set name cannot star
 syntax:expression: pattern $VAR(@) "^[^;]*$" ; "Firewall rule set name cannot contain ';'"
-end: sudo /opt/vyatta/sbin/vyatta-firewall.pl --update-rules ipv6-name
+end: if sudo /opt/vyatta/sbin/vyatta-firewall.pl --update-rules ipv6-name "$VAR(@)" ;
+ then
+ if [ ${COMMIT_ACTION} = 'DELETE' ] ;
+ then
+ if sudo /opt/vyatta/sbin/vyatta-firewall.pl --teardown-ok ipv6-name ;
+ then
+ sudo /opt/vyatta/sbin/vyatta-firewall.pl --teardown ipv6-name
+ fi
+ fi
+ else
+ exit 1;
+ fi
+
+create: sudo /opt/vyatta/sbin/vyatta-firewall.pl --setup ip6tables
 help: Set IPv6 firewall rule set name
diff --git a/templates/firewall/modify/node.def b/templates/firewall/modify/node.def
index e8f4665..7dacdf9 100644
--- a/templates/firewall/modify/node.def
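Review bot: `${COMMIT_ACTION}` in the new `if [ ${COMMIT_ACTION} = 'DELETE' ] ;` test is unquoted, while `"$VAR(@)"` on the line above it is quoted; if the variable is ever empty the test degrades to `[ = 'DELETE' ]`, which `[` rejects, and the inner `if` falls through without ever reaching `--teardown`. Quote it as `if [ "${COMMIT_ACTION}" = 'DELETE' ] ;`. The identical line appears in the ipv6-name, modify and name hunks of this commit. The new `create:` action also runs `--setup ip6tables` (or `iptables`) again for every additional rule set; presumably vyatta-firewall.pl treats that as idempotent, which is worth confirming.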
+++ b/templates/firewall/modify/node.def
@@ -12,6 +12,19 @@ syntax:expression: pattern $VAR(@) "^[^-]" ; "Modify rule set name cannot start
 syntax:expression: pattern $VAR(@) "^[^;]*$" ; "Firewall rule set name cannot contain ';'"
-end: sudo /opt/vyatta/sbin/vyatta-firewall.pl --update-rules modify
+end: if sudo /opt/vyatta/sbin/vyatta-firewall.pl --update-rules modify "$VAR(@)" ;
+ then
+ if [ ${COMMIT_ACTION} = 'DELETE' ] ;
+ then
+ if sudo /opt/vyatta/sbin/vyatta-firewall.pl --teardown-ok modify ;
+ then
+ sudo /opt/vyatta/sbin/vyatta-firewall.pl --teardown modify
+ fi
+ fi
+ else
+ exit 1;
+ fi
+
+create: sudo /opt/vyatta/sbin/vyatta-firewall.pl --setup iptables
 help: Set IPv4 modify rule set name
diff --git a/templates/firewall/name/node.def b/templates/firewall/name/node.def
index 7f4c9e1..08c0747 100644
--- a/templates/firewall/name/node.def
+++ b/templates/firewall/name/node.def
@@ -12,6 +12,19 @@ syntax:expression: pattern $VAR(@) "^[^-]" ; "Firewall rule set name cannot star
 syntax:expression: pattern $VAR(@) "^[^;]*$" ; "Firewall rule set name cannot contain ';'"
-end: sudo /opt/vyatta/sbin/vyatta-firewall.pl --update-rules name
+end: if sudo /opt/vyatta/sbin/vyatta-firewall.pl --update-rules name "$VAR(@)" ;
+ then
+ if [ ${COMMIT_ACTION} = 'DELETE' ] ;
+ then
+ if sudo /opt/vyatta/sbin/vyatta-firewall.pl --teardown-ok name ;
+ then
+ sudo /opt/vyatta/sbin/vyatta-firewall.pl --teardown name
+ fi
+ fi
+ else
+ exit 1;
+ fi
+
+create: sudo /opt/vyatta/sbin/vyatta-firewall.pl --setup iptables
 help: Set IPv4 firewall rule set name
diff --git a/templates/firewall/node.def b/templates/firewall/node.def
index 406248e..c52be12 100644
--- a/templates/firewall/node.def
+++ b/templates/firewall/node.def
@@ -1,11 +1,5 @@
 help: Configure firewall
-end: if [ ${COMMIT_ACTION} = 'DELETE' ]; then
- sudo /opt/vyatta/sbin/vyatta-firewall.pl --teardown
- # set conntrack table size to standard 16384 entries if firewall disabled
+delete: # set conntrack table size to standard 16384 entries if firewall disabled
 sudo sh -c "echo 16384 > /proc/sys/net/nf_conntrack_max"
- fi;
-
-create:
- sudo /opt/vyatta/sbin/vyatta-firewall.pl --setup
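Review bot: The unconditional `--teardown` of the base chains is removed from this node, so deleting the whole firewall subtree now depends on every child rule-set `end:` action running with `COMMIT_ACTION` set to `DELETE` and on `--teardown-ok` agreeing once the last rule set is gone; presumably the commit system runs the child actions on a parent delete, but that is worth confirming, since otherwise the jump rules installed by `--setup` would survive a `delete firewall`. The new `delete:` action also starts with a shell comment as its first line (`delete: # set conntrack ...`), which is harmless but easy to misread as documentation of the key; putting the `sudo sh -c` command on the `delete:` line and the comment on the line above it, if the template format allows top-level comments, would make the action's only command visible at a glance.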