From 7272364a23c9f00f17f719c1efee756d960e8984 Mon Sep 17 00:00:00 2001 From: Marian Tudosoiu Date: Thu, 19 Apr 2018 10:57:25 +0300 Subject: Task T35 - enable prune-deleted-sets for inet6 family firewall templates --- templates/firewall/ipv6-name/node.def | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) (limited to 'templates/firewall') diff --git a/templates/firewall/ipv6-name/node.def b/templates/firewall/ipv6-name/node.def index e7e1167..2e20b9a 100644 --- a/templates/firewall/ipv6-name/node.def +++ b/templates/firewall/ipv6-name/node.def @@ -14,17 +14,21 @@ syntax:expression: ! pattern $VAR(@) "^VZONE" ; \ end: if sudo /opt/vyatta/sbin/vyatta-firewall.pl --update-rules "firewall ipv6-name" "$VAR(@)" ; then - if [ ${COMMIT_ACTION} = 'DELETE' ] ; + if [ ${COMMIT_ACTION} = 'DELETE' ] ; then if sudo /opt/vyatta/sbin/vyatta-firewall.pl --teardown-ok "firewall ipv6-name" ; then - sudo /opt/vyatta/sbin/vyatta-firewall.pl --teardown "firewall ipv6-name" + if sudo /opt/vyatta/sbin/vyatta-firewall.pl --teardown "firewall ipv6-name"; then + ${vyatta_sbindir}/vyatta-firewall-trap.pl --level="firewall ipv6-name $VAR(@)" + fi fi + else + ${vyatta_sbindir}/vyatta-firewall-trap.pl --level="firewall ipv6-name $VAR(@)" fi else exit 1; fi - ${vyatta_sbindir}/vyatta-firewall-trap.pl --level="firewall ipv6-name $VAR(@)" + sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=prune-deleted-sets create: sudo /opt/vyatta/sbin/vyatta-firewall.pl --setup ip6tables "firewall ipv6-name" -- cgit v1.2.3
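Review bot: On a DELETE the new `end:` script calls `vyatta-firewall-trap.pl` only when both `--teardown-ok` and `--teardown` succeed, whereas the old code called it after every successful `--update-rules`. Deleting one ipv6-name rule set while `--teardown-ok` returns non-zero (presumably because other rule sets still exist) therefore no longer raises the trap. If that trap feeds change monitoring (inferred from the script name), such a removal now goes unreported; if the aim was only to skip it after a failed teardown, give the `--teardown-ok` test an `else` that still runs `${vyatta_sbindir}/vyatta-firewall-trap.pl --level="firewall ipv6-name $VAR(@)"`. A failed `--teardown` still does not fail the commit, because the script's exit status is that of the final `vyatta-ipset.pl --action=prune-deleted-sets` call, so add `|| exit 1` there if a failed teardown should abort. Since the `COMMIT_ACTION` test line is touched anyway, quote it as `[ "${COMMIT_ACTION}" = 'DELETE' ]` so an empty value cannot become a `[` error that falls through to the `else` branch.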