authorStig Thormodsrud <stig@uffda.(none)>2007-11-15 18:18:02 -0800
committerStig Thormodsrud <stig@uffda.(none)>2007-11-15 18:18:02 -0800
commit40b35c571d3ddb98f8bfcc734c286ffd41a113a4 (patch)
tree02e52e85433fbd06f159fbbb5f7c389a115b594f
parent17a7c7d56e1ec21821a3527f1f14953bd3ed02a5 (diff)
downloadvyatta-cfg-quagga-40b35c571d3ddb98f8bfcc734c286ffd41a113a4.tar.gz
vyatta-cfg-quagga-40b35c571d3ddb98f8bfcc734c286ffd41a113a4.zip
Fix "set policy access-list destination any".
-rwxr-xr-xscripts/policy/vyatta-policy.pl23
-rw-r--r--templates/policy/access-list/node.tag/rule/node.tag/destination/any/node.def4
2 files changed, 19 insertions, 8 deletions
diff --git a/scripts/policy/vyatta-policy.pl b/scripts/policy/vyatta-policy.pl
index ae04470f..00aa5fc5 100755
--- a/scripts/policy/vyatta-policy.pl
+++ b/scripts/policy/vyatta-policy.pl
@@ -103,14 +103,27 @@ sub update_as_path() {
exit 0;
}
+sub is_access_list {
+ my $list = shift;
+
+ my $count = `vtysh -c \"show ip access-list $list\" | grep $list | wc -l`;
+ if ($count > 0) {
+ return 1;
+ } else {
+ return 0;
+ }
+}
+
sub update_access_list() {
my $list = shift;
my $config = new VyattaConfig;
my @rules = ();
my $rule;
- # remove the old rule
- system ("$VTYSH -c \"configure terminal\" -c \"no access-list $list\" ");
+ # remove the old rule if it already exists
+ if (is_access_list($list)) {
+ system ("$VTYSH -c \"configure terminal\" -c \"no access-list $list\" ");
+ }
$config->setLevel("policy access-list $list rule");
@rules = $config->listNodes();
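Review bot: `is_access_list` interpolates `$list` unchecked into a backtick shell pipeline (`vtysh -c "show ip access-list $list" | grep $list | wc -l`), so any shell metacharacter in the value would be interpreted by the shell; the `system` call now wrapped in the `if` inside `update_access_list` has the same shape. If list identifiers are always numeric, as the range checks in the template changed by this commit suggest, validate before use with `die "invalid access-list: $list\n" unless $list =~ /\A\d+\z/;` as the first statement after `my $list = shift;`. The new sub also calls bare `vtysh` while the `system` line uses `$VTYSH`; using `$VTYSH` in both keeps the binary path consistent and independent of `PATH`. `update_access_list` continues outside this hunk.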
@@ -136,8 +149,7 @@ sub update_access_list() {
$srcmsk = $config->returnValue("$rule source inverse-mask");
}
else {
- $src = $config->returnValue("$rule source any");
- if ("$src" eq "true") { $src = "any"; }
+ if ($config->exists("$rule source any")) { $src = "any"; }
else {
print "error in source section of access-list $list rule $rule\n";
exit 1;
@@ -157,8 +169,7 @@ sub update_access_list() {
$dstmsk = $config->returnValue("$rule destination inverse-mask");
}
else {
- $dst = $config->returnValue("$rule destination any");
- if ("$dst" eq "true") { $dst = "any"; }
+ if ($config->exists("$rule destination any")) { $dst = "any"; }
else {
print "error in destination section of access-list $list rule $rule\n";
exit 1;
diff --git a/templates/policy/access-list/node.tag/rule/node.tag/destination/any/node.def b/templates/policy/access-list/node.tag/rule/node.tag/destination/any/node.def
index 999c4d21..96ab32c9 100644
--- a/templates/policy/access-list/node.tag/rule/node.tag/destination/any/node.def
+++ b/templates/policy/access-list/node.tag/rule/node.tag/destination/any/node.def
@@ -1,6 +1,6 @@
help: "Filter any IP address"
-syntax: ($(../../@) >= 100 && $(../../@) <= 199) || ($(../../@) >= 2000) && $(../../@) <= 2699); " \
-To set destination filter parameters, the access-list rule number must be \n \
+syntax: ($(../../../@) >= 100 && $(../../../@) <= 199) || ($(../../../@) >= 2000 && $(../../../@) <= 2699); " \
+To set destination filter parameters, the access-list number must be \n \
<100-199> IP extended access list \n \
<2000-2699> IP extended access list (expanded range) \n"
commit: $(../../action/) != ""; "You must specify an action before committing"
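Review bot: Only `destination/any/node.def` gets the corrected `$(../../../@)` depth and the balanced parenthesis after `>= 2000`, while the script change in this commit treats `source any` and `destination any` identically via `$config->exists(...)`. The diffstat lists no `source/any/node.def`, so it is worth confirming that the source template does not carry the same `$(../../@)` path and unbalanced `($(../../@) >= 2000)` expression. If it does, the range check there would still be evaluated against the rule number rather than the access-list number.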