From 68c50c0fd6c97e89598fffae230127d249e94cf1 Mon Sep 17 00:00:00 2001
From: Bob Gilligan
Date: Wed, 4 Mar 2009 11:55:40 -0800
Subject: Don't attempt to delete ruleset from "other" trees

When a ruleset was being applied to an interface, the code previously attempted to find out if that ruleset name was being applied to that same interface and in the same direction, but under a different "tree" name (e.g. "name", "ipv6-name", "modify", etc.). If it found a match, it would delete the other rule. But the matching logic was insufficient, so it killed off some random other rule instead. There is really no need to perform this check anyway, so I have removed it.
---
 scripts/firewall/vyatta-firewall.pl | 10 +---------
 1 file changed, 1 insertion(+), 9 deletions(-)
(limited to 'scripts')

diff --git a/scripts/firewall/vyatta-firewall.pl b/scripts/firewall/vyatta-firewall.pl
index 0f2e328..4c39156 100755
--- a/scripts/firewall/vyatta-firewall.pl
+++ b/scripts/firewall/vyatta-firewall.pl
@@ -88,15 +88,7 @@ if ($#updateints == 4) {
 "Rule set \"$chain\" is not configured\n";
 exit 1;
 }
- # chain must have been set up. no need to set up again.
- # user may specify a chain in a different tree. try to delete it
- # from the "other" trees first.
- foreach my $other_tree (keys %table_hash) {
- if ($other_tree ne $tree) {
- update_ints('delete', $int_name, $direction, $chain, $tree,
- $table_hash{$other_tree}, $cmd_hash{$other_tree});
- }
- }
+
 # do update action.
 update_ints(@updateints, $table, $iptables_cmd);
 } else {
--
cgit v1.2.3