From 8519768fc563db29e29d9e81ca3198b7e003bc61 Mon Sep 17 00:00:00 2001
From: Stig Thormodsrud
Date: Fri, 10 Jul 2009 16:50:03 -0700
Subject: Fix 4683: Firewall Rule number maximum 1024 reached
(cherry picked from commit 90fb731c3a846e9a951c6fd1c5f73082e2bcf93a)
---
 scripts/firewall/vyatta-firewall.pl | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
(limited to 'scripts')
diff --git a/scripts/firewall/vyatta-firewall.pl b/scripts/firewall/vyatta-firewall.pl
index 209791d..a14ef19 100755
--- a/scripts/firewall/vyatta-firewall.pl
+++ b/scripts/firewall/vyatta-firewall.pl
@@ -24,6 +24,8 @@ my $syslog_flag = 0;
 my $fw_stateful_file = '/var/run/vyatta_fw_stateful';
 my $fw_tree_file = '/var/run/vyatta_fw_trees';
+my $max_rule = 10000;
+
 my (@setup, @updateints, @updaterules);
 my ($teardown, $teardown_ok);
@@ -705,7 +707,7 @@ sub set_default_policy {
 $policy = 'drop' if ! defined $policy;
 log_msg("set_default_policy($iptables_cmd, $table, $chain, $policy)\n");
 my $target = $policy_hash{$policy};
- my $comment = "-m comment --comment \"$chain-1025 default-action $policy\"";
+ my $comment = "-m comment --comment \"$chain-$max_rule default-action $policy\"";
 run_cmd("$iptables_cmd -t $table -A $chain $comment -j $target", 1, 1);
 }
@@ -726,7 +728,7 @@ sub change_default_policy {
 $policy = 'drop' if ! defined $policy;
 log_msg("change_default_policy($iptables_cmd, $table, $chain, $policy)\n");
 my $target = $policy_hash{$policy};
- my $comment = "-m comment --comment \"$chain-1025 default-action $policy\"";
+ my $comment = "-m comment --comment \"$chain-$max_rule default-action $policy\"";
 my $default_rule = count_iptables_rules($table, $chain, $iptables_cmd);
 run_cmd("$iptables_cmd -t $table -A $chain $comment -j $target", 1, 1);
 run_cmd("$iptables_cmd -t $table -D $chain $default_rule", 1, 1);
--
cgit v1.2.3
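Review bot: `$max_rule` is declared in the first hunk without a comment, and its name reads as the highest rule number a user may configure, while the later hunks use it as the number tagged onto the default-action entry (`$chain-$max_rule default-action`). That tag used to be 1025, one above the old 1024 limit named in the subject. If rule 10000 itself can be configured (the limit check is not part of this diff), the default-action tag would share its number with a user rule. I would add `# number reserved for the default-action entry; must stay above the highest configurable rule number` above the declaration, or rename the variable along those lines.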
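Review bot: The rebuilt `$comment` in set_default_policy still places `$chain` and `$policy` between escaped double quotes inside one command string handed to `run_cmd`, and the same line is repeated in change_default_policy in the next hunk. If run_cmd passes that string to a shell (its body is outside this diff), a chain name containing a double quote, `$` or a backtick would end the quoted comment early, so the name has to be constrained before it reaches this point. A guard such as `die "invalid chain name\n" unless $chain =~ /\A[\w.-]+\z/;` at the top of both subs would make that explicit, with the pattern aligned to what the configuration syntax actually allows. Both sub bodies start outside their hunks, so an existing check may already be there.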