templates/firewall/state-policy/node.def


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35

priority: 200
help: Global firewall state-policy

commit:expression: $VAR(./established) != "" || $VAR(./related) != ""
        || $VAR(./invalid) != "";
        "No policy set for either 'established', 'related', or 'invalid' state"

begin:
        if ! /opt/vyatta/sbin/vyatta-fw-global-state-policy.pl  \
          --action=state-policy-validity-checks; then           \
          exit 1
        fi

create:
        if ! /opt/vyatta/sbin/vyatta-fw-global-state-policy.pl  \
          --action=setup-state-policy; then                     \
          exit 1
        fi

delete:
        if ! /opt/vyatta/sbin/vyatta-fw-global-state-policy.pl  \
          --action=teardown-state-policy; then                  \
          exit 1
        fi

end: 
        if ! /opt/vyatta/sbin/vyatta-fw-global-state-policy.pl  \
          --action=set-state-actions; then              \
          exit 1
        fi
        if ! /opt/vyatta/sbin/vyatta-fw-global-state-policy.pl  \
          --action=enable-disable-conntrack; then               \
          exit 1
        fi
        ${vyatta_sbindir}/vyatta-firewall-trap.pl --level="firewall state-policy $VAR(@)"