From 76caaf8d611724e43d2de5e65a3ced27d33cbb7a Mon Sep 17 00:00:00 2001
From: Mohit Mehta <mohit.mehta@vyatta.com>
Date: Tue, 13 Jul 2010 18:49:55 -0700
Subject: Fix Bug 5744 unable to use firewall group with recent match condition
 * use --match-set instead of --set for ipset match * re-arrange rules when
 ipset and recent match are used together. instead of   appending recent match
 conditions to the rule; place them before ipset   match conditions * add
 debugging output to look at generated rules

---
 lib/Vyatta/IpTables/IpSet.pm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'lib/Vyatta/IpTables/IpSet.pm')

diff --git a/lib/Vyatta/IpTables/IpSet.pm b/lib/Vyatta/IpTables/IpSet.pm
index f53202c..a8c455e 100755
--- a/lib/Vyatta/IpTables/IpSet.pm
+++ b/lib/Vyatta/IpTables/IpSet.pm
@@ -439,7 +439,7 @@ sub rule {
     return (undef, "Invalid direction [$direction]") if ! defined $srcdst;
     my $opt = '';
     $opt = '!' if $self->{_negate};
-    return (" -m set $opt --set $grp $srcdst ", );
+    return (" -m set $opt --match-set $grp $srcdst ", );
 }
 
 1;
-- 
cgit v1.2.3