From 77e338a9b5e668fb1104e2fb939a90b4d73f7ab0 Mon Sep 17 00:00:00 2001
From: Stig
Date: Mon, 29 Aug 2011 14:40:40 -0700
Subject: Fix Bug 7477 firewall group negation doesn't work in vc6.3
* use Ipset.pm method rather than CLI path to validate group name when using group as a match condition in a firewall ruleset
---
 scripts/firewall/vyatta-ipset.pl | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
(limited to 'scripts')
diff --git a/scripts/firewall/vyatta-ipset.pl b/scripts/firewall/vyatta-ipset.pl
index 5dfe3a9..90abc34 100755
--- a/scripts/firewall/vyatta-ipset.pl
+++ b/scripts/firewall/vyatta-ipset.pl
@@ -83,9 +83,13 @@ sub ipset_check_set_type {
 die "Error: undefined set_name\n" if ! defined $set_name;
 die "Error: undefined set_type\n" if ! defined $set_type;
- my $cfg = new Vyatta::Config;
- return "Group [$set_name] has not been defined\n"
- if (!$cfg->exists("firewall group $set_type-group $set_name"));
+ my $group = new Vyatta::IpTables::IpSet($set_name);
+ return "Group [$set_name] has not been defined\n" if ! $group->exists();
+ my $type = $group->get_type();
+ $type = 'undefined' if ! defined $type;
+ if ($type ne $set_type) {
+ return "Error: group [$set_name] is of type [$type] not [$set_type]\n";
+ }
 return;
 }
-- cgit v1.2.3
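Review bot: Mapping an undefined `get_type()` result to the string `'undefined'` puts a sentinel in the same namespace as the caller-supplied `$set_type`, so a caller that passes the literal `undefined` would satisfy the `ne` comparison for a group whose type could not be read, and in the ordinary case the user gets a misleading "is of type [undefined]" message. Returning a distinct error keeps the check failing closed without the sentinel: replace the `$type = 'undefined' ...` line with `return "Error: unable to determine type of group [$set_name]\n" if ! defined $type;`. The constructor would also parse more predictably as `Vyatta::IpTables::IpSet->new($set_name)` than with indirect-object `new`. The start of ipset_check_set_type, including where `$set_name` and `$set_type` come from, is outside the hunk, so whether `$set_type` is already restricted to known group types cannot be confirmed from here.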