summaryrefslogtreecommitdiff
path: root/templates/firewall
diff options
context:
space:
mode:
Diffstat (limited to 'templates/firewall')
-rw-r--r--templates/firewall/ipv6-modify/node.def15
-rw-r--r--templates/firewall/ipv6-name/node.def15
-rw-r--r--templates/firewall/modify/node.def15
-rw-r--r--templates/firewall/name/node.def15
-rw-r--r--templates/firewall/node.def8
5 files changed, 57 insertions, 11 deletions
diff --git a/templates/firewall/ipv6-modify/node.def b/templates/firewall/ipv6-modify/node.def
index fe32a27..9ec8f34 100644
--- a/templates/firewall/ipv6-modify/node.def
+++ b/templates/firewall/ipv6-modify/node.def
@@ -12,6 +12,19 @@ syntax:expression: pattern $VAR(@) "^[^-]" ; "Firewall rule set name cannot star
syntax:expression: pattern $VAR(@) "^[^;]*$" ; "Firewall rule set name cannot contain ';'"
-end: sudo /opt/vyatta/sbin/vyatta-firewall.pl --update-rules ipv6-modify
+end: if sudo /opt/vyatta/sbin/vyatta-firewall.pl --update-rules ipv6-modify "$VAR(@)" ;
+ then
+ if [ ${COMMIT_ACTION} = 'DELETE' ] ;
+ then
+ if sudo /opt/vyatta/sbin/vyatta-firewall.pl --teardown-ok ipv6-modify ;
+ then
+ sudo /opt/vyatta/sbin/vyatta-firewall.pl --teardown ipv6-modify
+ fi
+ fi
+ else
+ exit 1;
+ fi
+
+create: sudo /opt/vyatta/sbin/vyatta-firewall.pl --setup ip6tables
help: Set IPv6 modify rule set name
diff --git a/templates/firewall/ipv6-name/node.def b/templates/firewall/ipv6-name/node.def
index 2774a28..363c6f3 100644
--- a/templates/firewall/ipv6-name/node.def
+++ b/templates/firewall/ipv6-name/node.def
@@ -12,6 +12,19 @@ syntax:expression: pattern $VAR(@) "^[^-]" ; "Firewall rule set name cannot star
syntax:expression: pattern $VAR(@) "^[^;]*$" ; "Firewall rule set name cannot contain ';'"
-end: sudo /opt/vyatta/sbin/vyatta-firewall.pl --update-rules ipv6-name
+end: if sudo /opt/vyatta/sbin/vyatta-firewall.pl --update-rules ipv6-name "$VAR(@)" ;
+ then
+ if [ ${COMMIT_ACTION} = 'DELETE' ] ;
+ then
+ if sudo /opt/vyatta/sbin/vyatta-firewall.pl --teardown-ok ipv6-name ;
+ then
+ sudo /opt/vyatta/sbin/vyatta-firewall.pl --teardown ipv6-name
+ fi
+ fi
+ else
+ exit 1;
+ fi
+
+create: sudo /opt/vyatta/sbin/vyatta-firewall.pl --setup ip6tables
help: Set IPv6 firewall rule set name
diff --git a/templates/firewall/modify/node.def b/templates/firewall/modify/node.def
index e8f4665..7dacdf9 100644
--- a/templates/firewall/modify/node.def
+++ b/templates/firewall/modify/node.def
@@ -12,6 +12,19 @@ syntax:expression: pattern $VAR(@) "^[^-]" ; "Modify rule set name cannot start
syntax:expression: pattern $VAR(@) "^[^;]*$" ; "Firewall rule set name cannot contain ';'"
-end: sudo /opt/vyatta/sbin/vyatta-firewall.pl --update-rules modify
+end: if sudo /opt/vyatta/sbin/vyatta-firewall.pl --update-rules modify "$VAR(@)" ;
+ then
+ if [ ${COMMIT_ACTION} = 'DELETE' ] ;
+ then
+ if sudo /opt/vyatta/sbin/vyatta-firewall.pl --teardown-ok modify ;
+ then
+ sudo /opt/vyatta/sbin/vyatta-firewall.pl --teardown modify
+ fi
+ fi
+ else
+ exit 1;
+ fi
+
+create: sudo /opt/vyatta/sbin/vyatta-firewall.pl --setup iptables
help: Set IPv4 modify rule set name
diff --git a/templates/firewall/name/node.def b/templates/firewall/name/node.def
index 7f4c9e1..08c0747 100644
--- a/templates/firewall/name/node.def
+++ b/templates/firewall/name/node.def
@@ -12,6 +12,19 @@ syntax:expression: pattern $VAR(@) "^[^-]" ; "Firewall rule set name cannot star
syntax:expression: pattern $VAR(@) "^[^;]*$" ; "Firewall rule set name cannot contain ';'"
-end: sudo /opt/vyatta/sbin/vyatta-firewall.pl --update-rules name
+end: if sudo /opt/vyatta/sbin/vyatta-firewall.pl --update-rules name "$VAR(@)" ;
+ then
+ if [ ${COMMIT_ACTION} = 'DELETE' ] ;
+ then
+ if sudo /opt/vyatta/sbin/vyatta-firewall.pl --teardown-ok name ;
+ then
+ sudo /opt/vyatta/sbin/vyatta-firewall.pl --teardown name
+ fi
+ fi
+ else
+ exit 1;
+ fi
+
+create: sudo /opt/vyatta/sbin/vyatta-firewall.pl --setup iptables
help: Set IPv4 firewall rule set name
diff --git a/templates/firewall/node.def b/templates/firewall/node.def
index 406248e..c52be12 100644
--- a/templates/firewall/node.def
+++ b/templates/firewall/node.def
@@ -1,11 +1,5 @@
help: Configure firewall
-end: if [ ${COMMIT_ACTION} = 'DELETE' ]; then
- sudo /opt/vyatta/sbin/vyatta-firewall.pl --teardown
- # set conntrack table size to standard 16384 entries if firewall disabled
+delete: # set conntrack table size to standard 16384 entries if firewall disabled
sudo sh -c "echo 16384 > /proc/sys/net/nf_conntrack_max"
- fi;
-
-create:
- sudo /opt/vyatta/sbin/vyatta-firewall.pl --setup
generated by cgit v1.2.3 (git 2.39.1) at 2024-09-20 17:33:38 +0000