From 5b0c60a45ac748d4bd670c8c8ce01f719c9a8259 Mon Sep 17 00:00:00 2001 From: Mohit Mehta Date: Fri, 24 Feb 2012 19:02:24 -0800 Subject: Bug Fix for 7751, 7753, 7757 Add commit checks for 'state-policy' sub-tree --- templates/firewall/state-policy/established/log/node.def | 3 +++ templates/firewall/state-policy/established/node.def | 3 +++ templates/firewall/state-policy/invalid/log/node.def | 3 +++ templates/firewall/state-policy/invalid/node.def | 3 +++ templates/firewall/state-policy/node.def | 4 ++++ templates/firewall/state-policy/related/log/node.def | 3 +++ templates/firewall/state-policy/related/node.def | 3 +++ 7 files changed, 22 insertions(+) (limited to 'templates/firewall') diff --git a/templates/firewall/state-policy/established/log/node.def b/templates/firewall/state-policy/established/log/node.def index 78125ae..aaa47bb 100644 --- a/templates/firewall/state-policy/established/log/node.def +++ b/templates/firewall/state-policy/established/log/node.def @@ -1 +1,4 @@ help: Option to log packets part of an established connection + +commit:expression: $VAR(./enable) != ""; + "Need to set 'enable' to log packets part of an established connection" diff --git a/templates/firewall/state-policy/established/node.def b/templates/firewall/state-policy/established/node.def index 8a199e2..2aa7526 100644 --- a/templates/firewall/state-policy/established/node.def +++ b/templates/firewall/state-policy/established/node.def @@ -1 +1,4 @@ help: Global firewall policy for packets part of an established connection + +commit:expression: $VAR(./action/) != ""; + "No action set for state 'established'" diff --git a/templates/firewall/state-policy/invalid/log/node.def b/templates/firewall/state-policy/invalid/log/node.def index cfd56b3..73a3915 100644 --- a/templates/firewall/state-policy/invalid/log/node.def +++ b/templates/firewall/state-policy/invalid/log/node.def @@ -1 +1,4 @@ help: Option to log packets part of an invalid connection + +commit:expression: $VAR(./enable) != ""; + "Need to set 'enable' to log packets part of an invalid connection" diff --git a/templates/firewall/state-policy/invalid/node.def b/templates/firewall/state-policy/invalid/node.def index 71bbf20..2495327 100644 --- a/templates/firewall/state-policy/invalid/node.def +++ b/templates/firewall/state-policy/invalid/node.def @@ -1 +1,4 @@ help: Global firewall policy for packets part of an invalid connection + +commit:expression: $VAR(./action/) != ""; + "No action set for state 'invalid'" diff --git a/templates/firewall/state-policy/node.def b/templates/firewall/state-policy/node.def index a745c31..230f090 100644 --- a/templates/firewall/state-policy/node.def +++ b/templates/firewall/state-policy/node.def @@ -1,6 +1,10 @@ priority: 200 help: Global firewall state-policy +commit:expression: $VAR(./established) != "" || $VAR(./related) != "" + || $VAR(./invalid) != ""; + "No policy set for either 'established', 'related', or 'invalid' state" + begin: if ! /opt/vyatta/sbin/vyatta-fw-global-state-policy.pl \ --action=state-policy-validity-checks; then \ diff --git a/templates/firewall/state-policy/related/log/node.def b/templates/firewall/state-policy/related/log/node.def index 245928b..9647b60 100644 --- a/templates/firewall/state-policy/related/log/node.def +++ b/templates/firewall/state-policy/related/log/node.def @@ -1 +1,4 @@ help: Option to log packets part of a related connection + +commit:expression: $VAR(./enable) != ""; + "Need to set 'enable' to log packets part of a related connection" diff --git a/templates/firewall/state-policy/related/node.def b/templates/firewall/state-policy/related/node.def index df8d7c0..9e4d7dd 100644 --- a/templates/firewall/state-policy/related/node.def +++ b/templates/firewall/state-policy/related/node.def @@ -1 +1,4 @@ help: Global firewall policy for packets part of a related connection + +commit:expression: $VAR(./action/) != ""; + "No action set for state 'related'" -- cgit v1.2.3