Diffstat (limited to 'templates')
-rw-r--r-- | templates/firewall/group/address-group/node.tag/address/node.def | 44 | ||||
-rw-r--r-- | templates/firewall/group/port-group/node.tag/port/node.def | 41 |
2 files changed, 79 insertions, 6 deletions
diff --git a/templates/firewall/group/address-group/node.tag/address/node.def b/templates/firewall/group/address-group/node.tag/address/node.def
index b0bd955..a04dd5b 100644
--- a/templates/firewall/group/address-group/node.tag/address/node.def
+++ b/templates/firewall/group/address-group/node.tag/address/node.def
@@ -20,22 +20,28 @@ create: tmpgrp=$VAR(../@)-$PPID
 fi
 tmpfile="/tmp/$tmpgrp";
+ # echo create $VAR(@) $tmpgrp $COMMIT_SIBLING_POSITION
+
 if [ "$COMMIT_SIBLING_POSITION" = "FIRST" ] || \
 [ "$COMMIT_SIBLING_POSITION" = "FIRSTLAST" ] ; then
 sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=is-set-empty \
 --set-name=$VAR(../@)
 if [ $? != 0 ]; then
+ # echo create $tmpfile;
 touch $tmpfile;
 fi;
 sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=copy-set \
 --set-name=$VAR(../@) --set-type=address --set-copy=$tmpgrp
+ # echo create $tmpgrp
 fi;
 sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=add-member \
 --set-name="$tmpgrp" --member="$VAR(@)" --alias=$VAR(../@)
 if [ $? != 0 ]; then
+ # echo error adding, destroy $tmpgrp
 sudo ipset --destroy $tmpgrp;
 if [ -e $tmpfile ]; then
+ # echo destroy $VAR(../@)
 sudo ipset --destroy $VAR(../@);
 rm $tmpfile;
 fi;
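Review bot: Every added line in this hunk is a commented-out `# echo …` debug statement, which leaves dead text in the recipe that will drift from the commands it describes; the same pattern is added throughout the new `delete:` recipes in both files (hunks -44 and -61 here, -51 and -61 in port-group). Either drop them before merging or keep one real diagnostic gated behind a variable the operator can set, written to stderr so it does not mix with the commit output. The `create:` recipe these lines belong to starts before this hunk (only its first line is visible, in the hunk header).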
@@ -44,12 +50,38 @@ create: tmpgrp=$VAR(../@)-$PPID
 if [ "$COMMIT_SIBLING_POSITION" = "LAST" ] || \
 [ "$COMMIT_SIBLING_POSITION" = "FIRSTLAST" ] ; then
+ # echo swap and destroy $tmpgrp
 sudo ipset --swap $tmpgrp "$VAR(../@)";
 sudo ipset --destroy $tmpgrp;
 rm -f $tmpfile;
 fi;
-delete: sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=is-group-deleted \
+delete: tmpgrp=$VAR(../@)-$PPID
+ len=${#tmpgrp}
+ if [ "$len" -gt 31 ]; then
+ tmpgrp=${tmpgrp: -31};
+ if [[ "$tmpgrp" =~ ^- ]]; then
+ tmpgrp=${tmpgrp/-/Z};
+ fi
+ fi
+ tmpfile="/tmp/$tmpgrp";
+
+ # echo delete $VAR(@) $tmpgrp $COMMIT_SIBLING_POSITION
+
+ if [ "$COMMIT_SIBLING_POSITION" = "FIRST" ] || \
+ [ "$COMMIT_SIBLING_POSITION" = "FIRSTLAST" ] ; then
+ sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=is-set-empty \
+ --set-name=$VAR(../@)
+ if [ $? != 0 ]; then
+ # echo create $tmpfile;
+ touch $tmpfile;
+ fi;
+ sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=copy-set \
+ --set-name=$VAR(../@) --set-type=address --set-copy=$tmpgrp
+ # echo create $tmpgrp
+ fi;
+
+ sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=is-group-deleted \
 --set-name=$VAR(../@) --set-type=address;
 if [ $? == 0 ] ; then
 sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=is-group-used \
@@ -61,5 +93,13 @@ delete: sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=is-group-deleted \
 fi
 sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=delete-member \
- --set-name=$VAR(../@) \
+ --set-name=$tmpgrp \
 --member="$VAR(@)"
+
+ if [ "$COMMIT_SIBLING_POSITION" = "LAST" ] || \
+ [ "$COMMIT_SIBLING_POSITION" = "FIRSTLAST" ] ; then
+ # echo swap and destroy $tmpgrp
+ sudo ipset --swap $tmpgrp "$VAR(../@)";
+ sudo ipset --destroy $tmpgrp;
+ rm -f $tmpfile;
+ fi;
diff --git a/templates/firewall/group/port-group/node.tag/port/node.def b/templates/firewall/group/port-group/node.tag/port/node.def
index f0ab759..6e657c4 100644
--- a/templates/firewall/group/port-group/node.tag/port/node.def
+++ b/templates/firewall/group/port-group/node.tag/port/node.def
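Review bot: The new `delete:` recipe never checks the exit status of `copy-set` or of `delete-member --set-name=$tmpgrp`, so a failed copy at the FIRST sibling makes every later `delete-member` hit a missing set, and the LAST sibling still runs `ipset --swap` and `--destroy` while the commit reports success. The `create:` recipe in the hunk above does test `$?` after `add-member` and tears the temporary set down, and the existing `is-group-used` branch exits non-zero, so the delete path should follow the same convention; the port-group hunks at -51 and -61 have the identical gap. Two further points on the same block: `${tmpgrp: -31}` keeps the `-$PPID` tail and drops the head of the group name, so two long group names in one commit that differ only in their leading characters would share a temporary set and marker file (this assumes siblings see the same `$PPID` — confirm); and `/tmp/$tmpgrp` is a predictable marker in a world-writable directory whose mere existence later drives `ipset --destroy $VAR(../@)` in the create error path, so a directory writable only by the commit process would be safer. The delete recipe spans this hunk and the -61 hunk that follows it.
```shell
# … unchanged: tmpgrp/tmpfile derivation, FIRST-sibling copy-set, is-group-deleted / is-group-used checks …
  sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=delete-member \
    --set-name=$tmpgrp \
    --member="$VAR(@)"
  if [ $? != 0 ]; then
    # Mirror the create: teardown after a failed add-member: drop the
    # temporary set, leave the live set $VAR(../@) untouched, fail the commit.
    sudo ipset --destroy $tmpgrp;
    rm -f $tmpfile;
    exit 1;
  fi

  if [ "$COMMIT_SIBLING_POSITION" = "LAST" ] || \
     [ "$COMMIT_SIBLING_POSITION" = "FIRSTLAST" ] ; then
    # Always clean up the temporary set, but only report success if the
    # swap actually replaced the live set.
    sudo ipset --swap $tmpgrp "$VAR(../@)"; rc=$?
    sudo ipset --destroy $tmpgrp;
    rm -f $tmpfile;
    [ "$rc" -eq 0 ] || exit 1;
  fi;
```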
@@ -51,8 +51,33 @@ create: tmpgrp=$VAR(../@)-$PPID
 rm -f $tmpfile;
 fi;
-delete: sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=is-group-deleted \
- --set-name=$VAR(../@) --set-type=port;
+delete: tmpgrp=$VAR(../@)-$PPID
+ len=${#tmpgrp}
+ if [ "$len" -gt 31 ]; then
+ tmpgrp=${tmpgrp: -31};
+ if [[ "$tmpgrp" =~ ^- ]]; then
+ tmpgrp=${tmpgrp/-/Z};
+ fi
+ fi
+ tmpfile="/tmp/$tmpgrp";
+
+ # echo delete $VAR(@) $tmpgrp $COMMIT_SIBLING_POSITION
+
+ if [ "$COMMIT_SIBLING_POSITION" = "FIRST" ] || \
+ [ "$COMMIT_SIBLING_POSITION" = "FIRSTLAST" ] ; then
+ sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=is-set-empty \
+ --set-name=$VAR(../@)
+ if [ $? != 0 ]; then
+ # echo create $tmpfile;
+ touch $tmpfile;
+ fi;
+ sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=copy-set \
+ --set-name=$VAR(../@) --set-type=port --set-copy=$tmpgrp
+ # echo create $tmpgrp
+ fi;
+
+ sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=is-group-deleted \
+ --set-name=$VAR(../@) --set-type=port;
 if [ $? == 0 ] ; then
 sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=is-group-used \
 --set-name=$VAR(../@) --set-type=port
@@ -61,7 +86,15 @@ delete: sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=is-group-deleted \
 exit 1;
 fi
 fi
-
+
 sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=delete-member \
- --set-name=$VAR(../@) \
+ --set-name=$tmpgrp \
 --member="$VAR(@)"
+
+ if [ "$COMMIT_SIBLING_POSITION" = "LAST" ] || \
+ [ "$COMMIT_SIBLING_POSITION" = "FIRSTLAST" ] ; then
+ # echo swap and destroy $tmpgrp
+ sudo ipset --swap $tmpgrp "$VAR(../@)";
+ sudo ipset --destroy $tmpgrp;
+ rm -f $tmpfile;
+ fi; |