Fix Bug 4554 check for existing firewall ruleset fails when applying it to a zone during boot

* use isActive to check if firewall ruleset has been succesfully committed
* fix templates to fail inside an action field when a command fails

1 files changed, 10 insertions, 4 deletions

diff --git a/templates/zone-policy/zone/node.def b/templates/zone-policy/zone/node.def
index 1f8f2ffd..80e4f4e2 100644
--- a/templates/zone-policy/zone/node.def
+++ b/templates/zone-policy/zone/node.def
@@ -12,10 +12,16 @@ syntax:expression: pattern $VAR(@) "^[^-]" ; "Zone name cannot start with \"-\""
 
 syntax:expression: pattern $VAR(@) "^[^;]*$" ; "Zone name cannot contain ';'"
 
-create: /opt/vyatta/sbin/vyatta-zone.pl 	\
+create: 
+	if ! /opt/vyatta/sbin/vyatta-zone.pl 	\
           --action=add-zone                 	\
-          --zone-name="$VAR(@)"
+          --zone-name="$VAR(@)"; then
+          exit 1
+        fi
 
-delete: /opt/vyatta/sbin/vyatta-zone.pl 	\
+delete: 
+	if ! /opt/vyatta/sbin/vyatta-zone.pl 	\
           --action=delete-zone                 	\
-          --zone-name="$VAR(@)"
+          --zone-name="$VAR(@)"; then
+          exit 1
+        fi