From c690c60ff29d8ee2f3f62bc38d99c05f3300002f Mon Sep 17 00:00:00 2001
From: Mohit Mehta
Date: Fri, 8 May 2009 17:14:04 -0700
Subject: Fix Bug 4388 firewall name shouldn't have been set after commit failed
* undo chain setup and refcnt work if chain rule failed during chain creation
---
scripts/firewall/vyatta-firewall.pl | 14 +++++++++++++-
1 file changed, 13 insertions(+), 1 deletion(-)
(limited to 'scripts')
diff --git a/scripts/firewall/vyatta-firewall.pl b/scripts/firewall/vyatta-firewall.pl
index 888563e..84319fa 100755
--- a/scripts/firewall/vyatta-firewall.pl
+++ b/scripts/firewall/vyatta-firewall.pl
@@ -406,6 +406,11 @@ sub update_rules {
 my ($err_str, @rule_strs) = $node->rule(); if (defined($err_str)) {
+ if ($nodes{$name} eq 'added') {
+ # undo setup_chain work, remove_refcnt
+ delete_chain($table, "$name", $iptables_cmd);
+ remove_refcnt($fw_tree_file, "$tree.$name");
+ }
 print STDERR "Firewall config error: $err_str\n"; exit 1; }
@@ -416,7 +421,14 @@ sub update_rules {
 run_cmd("$iptables_cmd -t $table --insert $name $iptablesrule $_", 0, 0);
- die "$iptables_cmd error: $! - $_" if ($? >> 8);
+ if ($? >> 8) {
+ if ($nodes{$name} eq 'added') {
+ # undo setup_chain work, remove_refcnt
+ delete_chain($table, "$name", $iptables_cmd);
+ remove_refcnt($fw_tree_file, "$tree.$name");
+ }
+ die "$iptables_cmd error: $! - $_";
+ }
 $iptablesrule++; } } elsif ("$rulehash{$rule}" eq 'changed') {
-- cgit v1.2.3
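Review bot: The undo added under `if (defined($err_str))` in the `@@ -406,6 +406,11 @@` hunk discards the outcome of `delete_chain` and `remove_refcnt`, so a rollback that itself fails is silent and the script still exits with only the config error. On a firewall that can leave an empty or partly built chain, or a stale refcount, with nothing in the output to say so. Both helpers are defined outside the hunk, so whether they return a status needs confirming; if they do, report a failure, for example `print STDERR "Firewall rollback failed for $name\n"` ahead of the existing `print STDERR`. The same unchecked block is repeated in the `@@ -416,7 +421,14 @@` hunk, and update_rules itself starts and ends outside both hunks.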
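Review bot: In the `@@ -416,7 +421,14 @@` hunk the `die` text is now assembled after `delete_chain` and `remove_refcnt` have run, so `$!` may hold an error from the cleanup rather than from the failed insert, and `$_` is at risk too if either helper assigns it without `local` (their bodies are not shown). Build the message before the undo, `my $err = "$iptables_cmd error: $! - $_";` as the first statement inside `if ($? >> 8) {`, and end the branch with `die $err;`. The enclosing loop and the rest of update_rules lie outside the hunk.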