authorMohit Mehta <mohit@vyatta.com>2010-09-21 17:36:46 -0700
committerMohit Mehta <mohit@vyatta.com>2010-09-21 17:36:46 -0700
commite80b2aa57b82f862d9d567520703be6f4cad43b2 (patch)
tree5eeee5b5b47def43cc6d7400eb6fdf5c43b27c3c
parent7042686e2ff93b9c67b0fc4d34ac3c6e04ff73c6 (diff)
* use count_iptables_rule from MISC module
-rwxr-xr-xscripts/zone-mgmt/vyatta-zone.pl15
1 files changed, 8 insertions, 7 deletions
diff --git a/scripts/zone-mgmt/vyatta-zone.pl b/scripts/zone-mgmt/vyatta-zone.pl
index f8d9b5a5..6597dd10 100755
--- a/scripts/zone-mgmt/vyatta-zone.pl
+++ b/scripts/zone-mgmt/vyatta-zone.pl
@@ -28,6 +28,7 @@ use POSIX;
use lib "/opt/vyatta/share/perl5";
use Vyatta::Zone;
+use Vyatta::Misc;
use warnings;
use strict;
@@ -60,7 +61,7 @@ sub setup_default_policy {
$error = Vyatta::Zone::run_cmd("$cmd");
return "Error: set default policy $zone_chain failed [$error]" if $error;
- my $rule_cnt = Vyatta::Zone::count_iptables_rules($cmd_hash{$tree},
+ my $rule_cnt = Vyatta::Misc::count_iptables_rules($cmd_hash{$tree},
$table_hash{$tree}, $zone_chain);
# if there's a drop|reject rule at rule_cnt - 1 then remove that
@@ -140,7 +141,7 @@ sub insert_from_rule {
if (defined $ruleset_name) {
# get number of rules in ruleset_name
- my $rule_cnt = Vyatta::Zone::count_iptables_rules($cmd_hash{$ruleset_type},
+ my $rule_cnt = Vyatta::Misc::count_iptables_rules($cmd_hash{$ruleset_type},
$table_hash{$ruleset_type}, "$zone_chain");
# append rules before last drop all rule
my $insert_at_rule_num=1;
@@ -263,8 +264,8 @@ sub do_firewall_interface_zone {
failed [$error]" if $error;
}
- # need to do this as an append before VYATTA_POST_FW_HOOK
- my $rule_cnt = Vyatta::Zone::count_iptables_rules($cmd_hash{$tree},
+ # need to do this as an append before VYATTA_POST_FW_*_HOOK
+ my $rule_cnt = Vyatta::Misc::count_iptables_rules($cmd_hash{$tree},
$table_hash{$tree}, "FORWARD");
my $insert_at_rule_num=1;
if ( $rule_cnt > 1 ) {
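Review bot: `$rule_cnt` goes straight into `if ( $rule_cnt > 1 )` with no check that the count succeeded, here in do_firewall_interface_zone and in the same pattern in the do_firewall_localzone and add_fromzone_fw hunks. The definition of Vyatta::Misc::count_iptables_rules is not part of this commit, so its failure behaviour cannot be confirmed from here; if it can return undef or 0 when the iptables listing fails, `$insert_at_rule_num` stays at 1 and the rule would presumably be placed at the head of FORWARD/INPUT/OUTPUT instead of before the trailing hook rule. A guard right after the call, for example `return "Error: unable to count rules in FORWARD chain" unless defined $rule_cnt;`, would surface that failure instead of silently changing firewall rule order. It is also worth confirming that the Misc version counts rules the same way as the old Vyatta::Zone one, since setup_default_policy and delete_fromzone_fw depend on exact offsets (`rule_cnt - 1`, `$rule_cnt > 2`). The function body continues outside the hunk, so an existing check further down cannot be ruled out.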
@@ -376,7 +377,7 @@ sub do_firewall_localzone {
my $zone_chain=Vyatta::Zone::get_zone_chain("exists", $zone_name);
foreach my $tree (keys %cmd_hash) {
- my $rule_cnt = Vyatta::Zone::count_iptables_rules($cmd_hash{$tree},
+ my $rule_cnt = Vyatta::Misc::count_iptables_rules($cmd_hash{$tree},
$table_hash{$tree}, "INPUT");
my $insert_at_rule_num=1;
if ( $rule_cnt > 1 ) {
@@ -618,7 +619,7 @@ sub add_fromzone_fw {
# add jump to local-zone-out chain in OUTPUT chains for [ip and ip6]tables
foreach my $tree (keys %cmd_hash) {
# if jump to localzoneout chain not inserted, then insert rule
- my $rule_cnt = Vyatta::Zone::count_iptables_rules($cmd_hash{$tree},
+ my $rule_cnt = Vyatta::Misc::count_iptables_rules($cmd_hash{$tree},
$table_hash{$tree}, "OUTPUT");
my $insert_at_rule_num=1;
if ( $rule_cnt > 1 ) {
@@ -671,7 +672,7 @@ sub delete_fromzone_fw {
# if only drop rule & localhost allow rule in $zone_chain in both
# [ip and ip6]tables then delete jump from OUTPUT chain in both
foreach my $tree (keys %cmd_hash) {
- my $rule_cnt = Vyatta::Zone::count_iptables_rules($cmd_hash{$tree},
+ my $rule_cnt = Vyatta::Misc::count_iptables_rules($cmd_hash{$tree},
$table_hash{$tree}, $zone_chain);
if ($rule_cnt > 2) {
# atleast one of [ip or ip6]tables has local-zone as a from zone