allow non-root to clear nat counters

Part of bugfix 2698
author: Stephen Hemminger <stephen.hemminger@vyatta.com> 2008-03-07 10:16:45 -0800
committer: Stephen Hemminger <stephen.hemminger@vyatta.com> 2008-03-07 10:16:45 -0800
commit: 3b185ab75f3189164b6d1c0721eb66de3c118b2e (patch)
tree: 8cd5cb49bb1c853e4ccb41c8b0155952197e799d
parent: 723c2abba6ca328cac56147c29c98360b712a6ab (diff)
download: vyatta-cfg-system-3b185ab75f3189164b6d1c0721eb66de3c118b2e.tar.gz
vyatta-cfg-system-3b185ab75f3189164b6d1c0721eb66de3c118b2e.zip
1 files changed, 3 insertions, 2 deletions
diff --git a/debian/vyatta-cfg-system.postinst.in b/debian/vyatta-cfg-system.postinst.in
index ad9c5fda..979760f6 100644
--- a/debian/vyatta-cfg-system.postinst.in
+++ b/debian/vyatta-cfg-system.postinst.in
@@ -32,10 +32,11 @@ if [ "$sysconfdir" != "/etc" ]; then
     # Allow operator to do a limited number of commands without password
     cat <<"EOF" >>/etc/sudoers
 Cmnd_Alias IPTABLES = /sbin/iptables --list -n,\
-                      /sbin/iptables -Z *,\
 		      /sbin/iptables -L -vn,\
                       /sbin/iptables -L * -vn,\
-		      /sbin/iptables -t * -L -vn
+		      /sbin/iptables -t * -L -vn, \
+                      /sbin/iptables -Z *,\
+		      /sbin/iptables -Z -t nat
 Cmnd_Alias IPFLUSH = /sbin/ip route flush cache, \
 		     /sbin/ip route flush cache *,\
 		     /sbin/ip neigh flush to *, \
author	Stephen Hemminger <stephen.hemminger@vyatta.com>	2008-03-07 10:16:45 -0800
committer	Stephen Hemminger <stephen.hemminger@vyatta.com>	2008-03-07 10:16:45 -0800
commit	3b185ab75f3189164b6d1c0721eb66de3c118b2e (patch)
tree	8cd5cb49bb1c853e4ccb41c8b0155952197e799d
parent	723c2abba6ca328cac56147c29c98360b712a6ab (diff)
download	vyatta-cfg-system-3b185ab75f3189164b6d1c0721eb66de3c118b2e.tar.gz vyatta-cfg-system-3b185ab75f3189164b6d1c0721eb66de3c118b2e.zip