From 31a37e48a3095c64aca1a3fd3a0f46ca115dc767 Mon Sep 17 00:00:00 2001
From: Stig Thormodsrud
Date: Fri, 5 Mar 2010 11:24:33 -0800
Subject: Fix firewall conntrack teardown.
---
scripts/firewall/vyatta-firewall.pl | 14 ++++++++------
1 file changed, 8 insertions(+), 6 deletions(-)
(limited to 'scripts')
diff --git a/scripts/firewall/vyatta-firewall.pl b/scripts/firewall/vyatta-firewall.pl
index 95c0198..1961541 100755
--- a/scripts/firewall/vyatta-firewall.pl
+++ b/scripts/firewall/vyatta-firewall.pl
@@ -179,13 +179,15 @@ if (defined $teardown) {
 # remove the conntrack setup.
 my $num;
- $num = find_chain_rule($iptables_cmd, 'raw', 'PREROUTING', 'FW_CONNTRACK');
- if (defined $num and ! is_tree_in_use($other_tree{$teardown})) {
- run_cmd("$iptables_cmd -t raw -D PREROUTING $num", 1, 1);
- run_cmd("$iptables_cmd -t raw -D OUTPUT $num", 1, 1);
- run_cmd("$iptables_cmd -t raw -F FW_CONNTRACK", 1, 1);
- run_cmd("$iptables_cmd -t raw -X FW_CONNTRACK", 1, 1);
+ foreach my $label ('PREROUTING', 'OUTPUT') {
+ $num = find_chain_rule($iptables_cmd, 'raw', $label, 'FW_CONNTRACK');
+ if (defined $num and ! is_tree_in_use($other_tree{$teardown})) {
+ run_cmd("$iptables_cmd -t raw -D $label $num", 1, 1);
+ }
 }
+ run_cmd("$iptables_cmd -t raw -F FW_CONNTRACK", 1, 1);
+ run_cmd("$iptables_cmd -t raw -X FW_CONNTRACK", 1, 1);
+ exit 0;
 }
--
cgit v1.2.3
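Review bot: The flush and delete of `FW_CONNTRACK` now run on every teardown, outside the `is_tree_in_use($other_tree{$teardown})` check that still guards the `-D` calls in the loop; the removed code kept `-F` and `-X` inside that check. When the other tree is still in use, the jump rules in PREROUTING and OUTPUT stay but the chain they point to is emptied, so the conntrack setup for the remaining tree is presumably lost, and `-X` will fail on the still-referenced chain; what `run_cmd`'s `1, 1` arguments do with that failure is not visible here. I would keep both calls under the same condition, with `if (! is_tree_in_use($other_tree{$teardown})) {` before the `-F` line and a closing `}` after the `-X` line, which also lets the loop-invariant check be evaluated once instead of per chain. The enclosing `if (defined $teardown)` block opens outside this hunk.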