author | Mohit Mehta <mohit@vyatta.com> | 2010-09-21 17:36:46 -0700 |
---|---|---|
committer | Mohit Mehta <mohit@vyatta.com> | 2010-09-21 17:36:46 -0700 |
commit | e80b2aa57b82f862d9d567520703be6f4cad43b2 (patch) | |
tree | 5eeee5b5b47def43cc6d7400eb6fdf5c43b27c3c /scripts/zone-mgmt | |
parent | 7042686e2ff93b9c67b0fc4d34ac3c6e04ff73c6 (diff) | |
* use count_iptables_rule from MISC module
Diffstat (limited to 'scripts/zone-mgmt')
-rwxr-xr-x | scripts/zone-mgmt/vyatta-zone.pl | 15 |
1 files changed, 8 insertions, 7 deletions
diff --git a/scripts/zone-mgmt/vyatta-zone.pl b/scripts/zone-mgmt/vyatta-zone.pl index f8d9b5a5..6597dd10 100755 --- a/scripts/zone-mgmt/vyatta-zone.pl +++ b/scripts/zone-mgmt/vyatta-zone.pl @@ -28,6 +28,7 @@ use POSIX; use lib "/opt/vyatta/share/perl5"; use Vyatta::Zone; +use Vyatta::Misc; use warnings; use strict; @@ -60,7 +61,7 @@ sub setup_default_policy { $error = Vyatta::Zone::run_cmd("$cmd"); return "Error: set default policy $zone_chain failed [$error]" if $error; - my $rule_cnt = Vyatta::Zone::count_iptables_rules($cmd_hash{$tree}, + my $rule_cnt = Vyatta::Misc::count_iptables_rules($cmd_hash{$tree}, $table_hash{$tree}, $zone_chain); # if there's a drop|reject rule at rule_cnt - 1 then remove that @@ -140,7 +141,7 @@ sub insert_from_rule { if (defined $ruleset_name) { # get number of rules in ruleset_name - my $rule_cnt = Vyatta::Zone::count_iptables_rules($cmd_hash{$ruleset_type}, + my $rule_cnt = Vyatta::Misc::count_iptables_rules($cmd_hash{$ruleset_type}, $table_hash{$ruleset_type}, "$zone_chain"); # append rules before last drop all rule my $insert_at_rule_num=1; @@ -263,8 +264,8 @@ sub do_firewall_interface_zone { failed [$error]" if $error; } - # need to do this as an append before VYATTA_POST_FW_HOOK - my $rule_cnt = Vyatta::Zone::count_iptables_rules($cmd_hash{$tree}, + # need to do this as an append before VYATTA_POST_FW_*_HOOK + my $rule_cnt = Vyatta::Misc::count_iptables_rules($cmd_hash{$tree}, $table_hash{$tree}, "FORWARD"); my $insert_at_rule_num=1; if ( $rule_cnt > 1 ) { @@ -376,7 +377,7 @@ sub do_firewall_localzone { my $zone_chain=Vyatta::Zone::get_zone_chain("exists", $zone_name); foreach my $tree (keys %cmd_hash) { - my $rule_cnt = Vyatta::Zone::count_iptables_rules($cmd_hash{$tree}, + my $rule_cnt = Vyatta::Misc::count_iptables_rules($cmd_hash{$tree}, $table_hash{$tree}, "INPUT"); my $insert_at_rule_num=1; if ( $rule_cnt > 1 ) { 
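Review bot: Nothing in this patch shows that `Vyatta::Misc::count_iptables_rules` takes the same `(command, table, chain)` arguments and counts rules the same way as the `Vyatta::Zone` version it replaces. The callers depend on the exact number: `rule_cnt - 1` in setup_default_policy, the insert-position logic in the hunks at 140, 263, 376 and 618, and `$rule_cnt > 2` in delete_fromzone_fw. An off-by-one between the two implementations would shift zone rules relative to the trailing drop rule or the post-firewall hook, so equivalence should be confirmed and noted in the commit message. I would also add a comment at the first call, `# count must match iptables rule numbering; the insert index below depends on it`. If Vyatta::Misc ships in a separate package, the packaging dependency presumably needs a version that contains the function; the function bodies continue outside these hunks.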
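Review bot: `$rule_cnt` is compared with `> 1` in do_firewall_interface_zone without checking that the count succeeded, so the default `$insert_at_rule_num=1` applies whenever it did not. The same pattern is visible in do_firewall_localzone (INPUT) and add_fromzone_fw (OUTPUT). If the helper can return undef or 0 when the listing fails (not visible here), the jump would presumably land at the top of the built-in chain instead of before the post-firewall hook, and under `use warnings` an undef only produces a warning. Consider failing closed before the comparison, e.g. `return "Error: unable to count rules in FORWARD chain" unless defined $rule_cnt;`, in line with the error-string returns visible in setup_default_policy. The function body continues outside the hunk.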
@@ -618,7 +619,7 @@ sub add_fromzone_fw { # add jump to local-zone-out chain in OUTPUT chains for [ip and ip6]tables foreach my $tree (keys %cmd_hash) { # if jump to localzoneout chain not inserted, then insert rule - my $rule_cnt = Vyatta::Zone::count_iptables_rules($cmd_hash{$tree}, + my $rule_cnt = Vyatta::Misc::count_iptables_rules($cmd_hash{$tree}, $table_hash{$tree}, "OUTPUT"); my $insert_at_rule_num=1; if ( $rule_cnt > 1 ) { @@ -671,7 +672,7 @@ sub delete_fromzone_fw { # if only drop rule & localhost allow rule in $zone_chain in both # [ip and ip6]tables then delete jump from OUTPUT chain in both foreach my $tree (keys %cmd_hash) { - my $rule_cnt = Vyatta::Zone::count_iptables_rules($cmd_hash{$tree}, + my $rule_cnt = Vyatta::Misc::count_iptables_rules($cmd_hash{$tree}, $table_hash{$tree}, $zone_chain); if ($rule_cnt > 2) { # atleast one of [ip or ip6]tables has local-zone as a from zone |