author | Mohit Mehta <mohit.mehta@vyatta.com> | 2009-05-06 16:47:28 -0700 |
---|---|---|
committer | Mohit Mehta <mohit.mehta@vyatta.com> | 2009-05-06 16:47:28 -0700 |
commit | 58a5f4da6bf1772a2d20a6ae202fc6611eb4bbfc (patch) | |
tree | 960701619046af60f52581eaf26f372535a4151f | |
parent | 286c4cad8406c3b1e4686f980309034b6b5d2dc7 (diff) | |
* do silent validity check when creating zone chains and adding from zone rules
-rwxr-xr-x | scripts/zone-mgmt/vyatta-zone.pl | 25 | ||||
-rw-r--r-- | templates/zone-policy/node.def | 2 | ||||
-rw-r--r-- | templates/zone-policy/zone/node.tag/from/node.def | 5 |
3 files changed, 29 insertions, 3 deletions
diff --git a/scripts/zone-mgmt/vyatta-zone.pl b/scripts/zone-mgmt/vyatta-zone.pl index b4fc7ad3..37bab3cd 100755 --- a/scripts/zone-mgmt/vyatta-zone.pl +++ b/scripts/zone-mgmt/vyatta-zone.pl @@ -635,12 +635,32 @@ sub set_default_policy { return; } +sub check_zones_validity { + my $silent = shift; + my $error; + $error = Vyatta::Zone::validity_checks(); + if ($error) { + if ($silent eq 'true') { + # called from from/node.def which is a different transaction + # than everything else under zone-policy. We do not want to + # make chains or insert from rules into chains if we have a + # malfunctioning configuration. We fail in a silent way here + # so that when this function is called from zone-policy/node.def + # we will print the error and not repeat the same error twice + exit 1; + } else { + return ($error , ); + } + } + return; +} + # # main # my ($action, $zone_name, $interface, $from_zone, $ruleset_type, $ruleset_name, - $default_policy); + $default_policy, $silent_validate); GetOptions("action=s" => \$action, "zone-name=s" => \$zone_name, @@ -649,6 +669,7 @@ GetOptions("action=s" => \$action, "ruleset-type=s" => \$ruleset_type, "ruleset-name=s" => \$ruleset_name, "default-policy=s" => \$default_policy, + "silent-validate=s" => \$silent_validate, ); die "undefined action" if ! defined $action; @@ -672,7 +693,7 @@ my ($error, $warning); ($error, $warning) = delete_fromzone_fw($zone_name, $from_zone, $ruleset_type, $ruleset_name) if $action eq 'delete-fromzone-fw'; -($error, $warning) = Vyatta::Zone::validity_checks() +($error, $warning) = check_zones_validity($silent_validate) if $action eq 'validity-checks'; ($error, $warning) = add_localzone($zone_name) diff --git a/templates/zone-policy/node.def b/templates/zone-policy/node.def index 2633101e..c4b62433 100644 --- a/templates/zone-policy/node.def +++ b/templates/zone-policy/node.def 
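Review bot: In `check_zones_validity` the test `$silent eq 'true'` runs on whatever `--silent-validate` supplied, so a caller that omits the option leaves `$silent` undefined and the comparison is made against undef exactly when validation has failed; `if (defined $silent && $silent eq 'true') {` avoids that. Any value other than the literal string `true` also falls through to the reporting branch without complaint, so rejecting unexpected values next to the existing `die "undefined action"` check would catch a mistyped template. The wrapper returns only `$error`, whereas the old call site assigned `($error, $warning)` directly from `Vyatta::Zone::validity_checks()`; if that function can return a second value it is now dropped, and `my ($error, $warning) = Vyatta::Zone::validity_checks();` with `return ($error, $warning);` would preserve it. The silent branch exits 1 with no trace at all, so a one-line syslog entry there would keep a blocked chain or rule creation visible to whoever later audits the firewall state.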
@@ -1,5 +1,5 @@ help: Configure zone-policy begin: -if ! /opt/vyatta/sbin/vyatta-zone.pl --action=validity-checks --zone-name=none; then +if ! /opt/vyatta/sbin/vyatta-zone.pl --action=validity-checks --zone-name=none --silent-validate=false; then exit 1 fi diff --git a/templates/zone-policy/zone/node.tag/from/node.def b/templates/zone-policy/zone/node.tag/from/node.def index 5273519a..5e37f9f1 100644 --- a/templates/zone-policy/zone/node.tag/from/node.def +++ b/templates/zone-policy/zone/node.tag/from/node.def @@ -7,6 +7,11 @@ allowed: zones=( /opt/vyatta/config/active/zone-policy/zone/* ) echo -n ${zones[@]##*/} +begin: +if ! /opt/vyatta/sbin/vyatta-zone.pl --action=validity-checks --zone-name=none --silent-validate=true; then + exit 1 +fi + create: parent_zone=$VAR(../@) zones=($VAR(../@@)) |
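Review bot: The `begin:` block added to `zone/node.tag/from/node.def` aborts with `exit 1` and prints nothing, which leaves the operator dependent on `zone-policy/node.def` running the same check with `--silent-validate=false` to explain the failure. The hunk does not show that this ordering is guaranteed, and the script's own comment describes the two as different transactions, so a commit could be rejected here with no message. Stopping before chains and from-zone rules are built on an invalid configuration is the right direction for a firewall feature, but the dependency should be written down in the template, assuming the template format accepts shell comments in this section, e.g. `# silent on purpose: zone-policy/node.def prints the validation error`.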