-rw-r--r--debian/changelog73
-rwxr-xr-xscripts/netplug/linkdown/dhclient3
-rwxr-xr-xscripts/netplug/linkup/dhclient3
-rwxr-xr-xscripts/vyatta-bonding.pl2
-rwxr-xr-xscripts/zone-mgmt/vyatta-zone.pl17
-rw-r--r--templates/interfaces/bonding/node.def2
-rw-r--r--templates/interfaces/bonding/node.tag/description/node.def2
-rw-r--r--templates/interfaces/bonding/node.tag/disable/node.def7
-rw-r--r--templates/interfaces/bonding/node.tag/vif/node.def14
-rw-r--r--templates/interfaces/bonding/node.tag/vif/node.tag/description/node.def2
-rw-r--r--templates/interfaces/bridge/node.tag/description/node.def2
-rw-r--r--templates/interfaces/pseudo-ethernet/node.tag/description/node.def2
-rw-r--r--templates/interfaces/tunnel/node.tag/description/node.def2
-rw-r--r--templates/zone-policy/zone/node.def14
-rw-r--r--templates/zone-policy/zone/node.tag/default-action/node.def14
-rw-r--r--templates/zone-policy/zone/node.tag/from/node.def8
-rw-r--r--templates/zone-policy/zone/node.tag/from/node.tag/firewall/ipv6-name/node.def70
-rw-r--r--templates/zone-policy/zone/node.tag/from/node.tag/firewall/name/node.def68
-rw-r--r--templates/zone-policy/zone/node.tag/interface/node.def14
-rw-r--r--templates/zone-policy/zone/node.tag/local-zone/node.def14
20 files changed, 214 insertions, 119 deletions
diff --git a/debian/changelog b/debian/changelog
index b70cfbd2..df805f1e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,76 @@
+vyatta-cfg-system (0.15.48+jenner38) unstable; urgency=low
+
+ * UNRELEASED
+
+ -- Stephen Hemminger <stephen.hemminger@vyatta.com> Thu, 09 Jul 2009 04:54:29 -0700
+
+vyatta-cfg-system (0.15.48+jenner37) unstable; urgency=low
+
+ * Fix descriptions with meta-characters
+
+ -- Stephen Hemminger <stephen.hemminger@vyatta.com> Tue, 07 Jul 2009 15:35:13 -0700
+
+vyatta-cfg-system (0.15.48+jenner36) unstable; urgency=low
+
+ * Revert "Allow user to select round-robin mode."
+ * Allow round-robin to be selected
+
+ -- Stephen Hemminger <stephen.hemminger@vyatta.com> Tue, 07 Jul 2009 14:36:20 -0700
+
+vyatta-cfg-system (0.15.48+jenner35) unstable; urgency=low
+
+ * Allow disable of bonding interface with VIF
+
+ -- Stephen Hemminger <stephen.hemminger@vyatta.com> Tue, 07 Jul 2009 14:26:05 -0700
+
+vyatta-cfg-system (0.15.48+jenner34) unstable; urgency=low
+
+ [ Mohit Mehta ]
+ * 0.15.48+jenner33
+
+ [ Stephen Hemminger ]
+ * Block creating vif until after slaves present
+
+ -- Stephen Hemminger <stephen.hemminger@vyatta.com> Tue, 07 Jul 2009 14:16:28 -0700
+
+vyatta-cfg-system (0.15.48+jenner33) unstable; urgency=low
+
+ * Fix Bug 4554 check for existing firewall ruleset fails when applying
+ it to a zone during boot
+
+ -- Mohit Mehta <mohit.mehta@vyatta.com> Thu, 02 Jul 2009 12:19:50 -0700
+
+vyatta-cfg-system (0.15.48+jenner32) unstable; urgency=low
+
+ * Allow user to select round-robin mode.
+
+ -- Mark O'Brien <mark@vyatta.com> Wed, 01 Jul 2009 17:47:20 -0700
+
+vyatta-cfg-system (0.15.48+jenner31) unstable; urgency=low
+
+ * Fix 'sh: line 1:' error ing bug 4655.
+
+ -- Mark O'Brien <mark@vyatta.com> Wed, 01 Jul 2009 16:17:18 -0700
+
+vyatta-cfg-system (0.15.48+jenner30) unstable; urgency=low
+
+ * Fix Bug 4593 zone-policy can't be deleted if zone interfaces are
+ bridges
+
+ -- Mohit Mehta <mohit.mehta@vyatta.com> Tue, 30 Jun 2009 18:25:32 -0700
+
+vyatta-cfg-system (0.15.48+jenner29) unstable; urgency=low
+
+ * make changes to work with dhcp 4.1.0
+
+ -- Mohit Mehta <mohit.mehta@vyatta.com> Fri, 26 Jun 2009 18:49:43 -0700
+
+vyatta-cfg-system (0.15.48+jenner28) unstable; urgency=low
+
+ * Added link detect to ethernet bonded vlan interfaces.
+
+ -- Mark O'Brien <mark@vyatta.com> Fri, 26 Jun 2009 14:28:30 -0700
+
vyatta-cfg-system (0.15.48+jenner27) unstable; urgency=low
* Update hooks to setup config files for installing to a Xen VM.
diff --git a/scripts/netplug/linkdown/dhclient b/scripts/netplug/linkdown/dhclient
index a69caed3..555ff913 100755
--- a/scripts/netplug/linkdown/dhclient
+++ b/scripts/netplug/linkdown/dhclient
@@ -41,7 +41,8 @@ sub stop_dhclient {
my $intf = shift;
my $dhcp_daemon = '/sbin/dhclient';
my ($intf_config_file, $intf_process_id_file, $intf_leases_file) = Vyatta::Misc::generate_dhclient_intf_files($intf);
- my $release_cmd = "sudo $dhcp_daemon -q -cf $intf_config_file -pf $intf_process_id_file -lf $intf_leases_file -r $intf 2> /dev/null";
+ my $release_cmd = "sudo $dhcp_daemon -q -cf $intf_config_file -pf $intf_process_id_file -lf $intf_leases_file -r $intf 2> /dev/null;";
+ $release_cmd .= "sudo rm -f $intf_process_id_file 2> /dev/null";
system ($release_cmd);
}
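Review bot: The added `sudo rm -f $intf_process_id_file` in stop_dhclient is appended to a string that `system` hands to a shell, so `$intf` and the paths derived from it are parsed as shell text and run under sudo. The caller is not visible here, but the interface name arrives as a script argument, so it is worth rejecting anything that is not a plain interface name right after `my $intf = shift;`, for example `die "Invalid interface name\n" unless $intf =~ /\A[A-Za-z0-9_.:-]+\z/;` (adjust the character set to the names the system allows). The same applies to run_dhclient in scripts/netplug/linkup/dhclient. Because the two commands are joined with `;`, the pid file is also removed when the release itself fails.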
diff --git a/scripts/netplug/linkup/dhclient b/scripts/netplug/linkup/dhclient
index c7370841..8e50715f 100755
--- a/scripts/netplug/linkup/dhclient
+++ b/scripts/netplug/linkup/dhclient
@@ -41,7 +41,8 @@ sub run_dhclient {
my $intf = shift;
my $dhcp_daemon = '/sbin/dhclient';
my ($intf_config_file, $intf_process_id_file, $intf_leases_file) = Vyatta::Misc::generate_dhclient_intf_files($intf);
- my $cmd = "sudo $dhcp_daemon -q -nw -cf $intf_config_file -pf $intf_process_id_file -lf $intf_leases_file $intf 2> /dev/null &";
+ my $cmd = "sudo $dhcp_daemon -pf $intf_process_id_file -x $intf 2> /dev/null; sudo rm -f $intf_process_id_file 2> /dev/null;";
+ $cmd .= "sudo $dhcp_daemon -q -nw -cf $intf_config_file -pf $intf_process_id_file -lf $intf_leases_file $intf 2> /dev/null &";
system ($cmd);
}
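Review bot: In run_dhclient the pid file is removed unconditionally after `dhclient -x`, so if the stop does not succeed the old client may keep running with no pid file pointing at it while a second client is started on the same interface. Joining the stop and the removal with `&&` instead of `;` would keep the pid file in that case; dhclient's exit status when there is nothing to stop is not shown here, so verify that case first. Stderr goes to /dev/null and the result of `system` is ignored, so logging a non-zero `$?` would at least make a failed restart visible.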
diff --git a/scripts/vyatta-bonding.pl b/scripts/vyatta-bonding.pl
index 2f2167fa..a0bdbd6e 100755
--- a/scripts/vyatta-bonding.pl
+++ b/scripts/vyatta-bonding.pl
@@ -48,7 +48,7 @@ my %modes = (
sub set_mode {
my ($intf, $mode) = @_;
my $val = $modes{$mode};
- die "Unknown bonding mode $mode\n" unless $val;
+ die "Unknown bonding mode $mode\n" unless defined($val);
open my $fm, '>', "/sys/class/net/$intf/bonding/mode"
or die "Error: $intf is not a bonding device:$!\n";
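Review bot: The switch to `defined($val)` deserves a one-line comment, because nothing at the check says why a truth test was wrong; `%modes` is not visible in this hunk, but presumably one mode maps to 0. Something like `# a mode may map to 0, so test definedness rather than truth` above the `die` would do, or `exists $modes{$mode}` would state the intent directly. set_mode continues past the end of the hunk.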
diff --git a/scripts/zone-mgmt/vyatta-zone.pl b/scripts/zone-mgmt/vyatta-zone.pl
index c71fc2a1..8760b6a6 100755
--- a/scripts/zone-mgmt/vyatta-zone.pl
+++ b/scripts/zone-mgmt/vyatta-zone.pl
@@ -339,7 +339,7 @@ $zone_chain with failed [$error]" if $error;
my @all_zones = Vyatta::Zone::get_all_zones("listOrigNodes");
foreach my $zone (@all_zones) {
if (!($zone eq $zone_name)) {
- my @from_zones = Vyatta::Zone::get_from_zones("listOrigNodes", $zone);
+ my @from_zones = Vyatta::Zone::get_from_zones("listOrigPlusComNodes", $zone);
if (scalar(grep(/^$zone_name$/, @from_zones)) > 0) {
foreach my $tree (keys %cmd_hash) {
# call function to delete rules from $zone's chain
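Review bot: The membership test next to the changed line, `grep(/^$zone_name$/, @from_zones)`, interpolates the zone name into a regex unescaped, so a name containing `.` or another metacharacter can match a different zone, and the rule deletion that follows would then act on the wrong chain. The zone template only rejects a leading `-` and `;`, so such names appear to be allowed. An exact comparison avoids this: `if (grep { $_ eq $zone_name } @from_zones) {`. The same test appears in the hunk of this file that starts at line 433, and the enclosing code starts and ends outside the hunk.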
@@ -352,7 +352,7 @@ $zone_chain with failed [$error]" if $error;
}
# if you have local from zone, delete interface to local zone out chain
- my @my_from_zones = Vyatta::Zone::get_from_zones("listOrigNodes", $zone_name);
+ my @my_from_zones = Vyatta::Zone::get_from_zones("listOrigPlusComNodes", $zone_name);
foreach my $fromzone (@my_from_zones) {
if (defined(Vyatta::Zone::is_local_zone("existsOrig", $fromzone))) {
foreach my $tree (keys %cmd_hash) {
@@ -433,7 +433,7 @@ $zone_chain chain failed [$error]" if $error;
my @all_zones = Vyatta::Zone::get_all_zones("listOrigNodes");
foreach my $zone (@all_zones) {
if (!($zone eq $zone_name)) {
- my @from_zones = Vyatta::Zone::get_from_zones("listOrigNodes", $zone);
+ my @from_zones = Vyatta::Zone::get_from_zones("listOrigPlusComNodes", $zone);
if (scalar(grep(/^$zone_name$/, @from_zones)) > 0) {
foreach my $tree (keys %cmd_hash) {
my @zone_interfaces =
@@ -689,6 +689,14 @@ sub check_zones_validity {
return;
}
+sub check_fwruleset_isActive {
+ my ($ruleset_type, $ruleset_name) = @_;
+ my $error = Vyatta::Zone::is_fwruleset_active('isActive',
+ $ruleset_type, $ruleset_name);
+ return "Invalid firewall ruleset $ruleset_type $ruleset_name" if $error;
+ return;
+}
+
#
# main
#
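Review bot: check_fwruleset_isActive treats a true return from `Vyatta::Zone::is_fwruleset_active` as failure, which reads backwards against that function's name and needs a comment stating the convention. The helper is not visible here, so the wording has to be confirmed against it, for example `# is_fwruleset_active returns an error value when the ruleset is not active, undef otherwise`. The value in `$error` is also discarded in favour of a fixed message; appending it would keep whatever detail the helper reports.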
@@ -739,6 +747,9 @@ my ($error, $warning);
($error, $warning) = set_default_policy($zone_name, $default_policy)
if $action eq 'set-default-policy';
+($error, $warning) = check_fwruleset_isActive($ruleset_type, $ruleset_name)
+ if $action eq 'is-fwruleset-active';
+
if (defined $warning) {
print "$warning\n";
}
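Review bot: The new `is-fwruleset-active` dispatch passes `$ruleset_type` and `$ruleset_name` without checking that they were supplied. Option parsing is outside the hunk, so this may already be handled, but if it is not, a call without those options builds its error message from undefined values. A guard at the top of check_fwruleset_isActive would cover it: `return "Undefined ruleset type or name" unless defined $ruleset_type && defined $ruleset_name;`.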
diff --git a/templates/interfaces/bonding/node.def b/templates/interfaces/bonding/node.def
index be8baaee..53800dba 100644
--- a/templates/interfaces/bonding/node.def
+++ b/templates/interfaces/bonding/node.def
@@ -10,7 +10,7 @@ create: sudo sh -c "echo +$VAR(@) > /sys/class/net/bonding_masters" || exit 1
sudo ip link set "$VAR(@)" up
/opt/vyatta/sbin/vyatta-link-detect $VAR(@) on
delete: SLAVES=`cat /sys/class/net/$VAR(@)/bonding/slaves`;
- if [ -z $SLAVES ]
+ if [ -z "$SLAVES" ]
then
sudo sh -c "echo -$VAR(@) > /sys/class/net/bonding_masters"
else
diff --git a/templates/interfaces/bonding/node.tag/description/node.def b/templates/interfaces/bonding/node.tag/description/node.def
index d7becd13..1fcca391 100644
--- a/templates/interfaces/bonding/node.tag/description/node.def
+++ b/templates/interfaces/bonding/node.tag/description/node.def
@@ -1,4 +1,4 @@
type: txt
help: Set description for this interface
-update: sudo sh -c "echo $VAR(@) >/sys/class/net/$VAR(../@)/ifalias"
+update: sudo ip li set dev $VAR(../@) alias "$VAR(@)"
delete: sudo sh -c "echo '' >/sys/class/net/$VAR(../@)/ifalias"
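Review bot: Quoting `"$VAR(@)"` on the new `update:` line handles spaces, but if the config backend substitutes `$VAR(@)` into the command text before the shell parses it (not visible on this page), a description containing a double quote, a backquote, `$` or a backslash still changes how the line is parsed, and the command runs under sudo. A `syntax:expression: pattern $VAR(@) ...` rule rejecting those four characters, in the style of the zone-name rules in templates/zone-policy/zone/node.def, would close that. The same `update:` line is added in the vif, bridge, pseudo-ethernet and tunnel description templates. Only the vif one quotes the `dev` argument, so `dev "$VAR(../@)"` should be used in the other four as well.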
diff --git a/templates/interfaces/bonding/node.tag/disable/node.def b/templates/interfaces/bonding/node.tag/disable/node.def
index 3d3ffef9..ad033365 100644
--- a/templates/interfaces/bonding/node.tag/disable/node.def
+++ b/templates/interfaces/bonding/node.tag/disable/node.def
@@ -1,10 +1,5 @@
help: Set interface disabled
-create: vif=`/opt/vyatta/sbin/vyatta-interfaces.pl --vif=$VAR(../@) --show=all`
- if [ ! -z "$vif" ]; then
- echo "Can not disable interface " $VAR(../@) " with vif:" $vif
- exit 1
- fi
- /etc/netplug/linkdown.d/dhclient $VAR(../@)
+create: /etc/netplug/linkdown.d/dhclient $VAR(../@)
if ! sudo ip link set $VAR(../@) down 2>/dev/null; then
echo "Error disabling dev $VAR(../@)"
/etc/netplug/linkup.d/dhclient $VAR(../@)
diff --git a/templates/interfaces/bonding/node.tag/vif/node.def b/templates/interfaces/bonding/node.tag/vif/node.def
index c3087022..0e292217 100644
--- a/templates/interfaces/bonding/node.tag/vif/node.def
+++ b/templates/interfaces/bonding/node.tag/vif/node.def
@@ -2,14 +2,14 @@ tag:
type: u32
help: Set Virtual Local Area Network (VLAN) ID
syntax:expression: $VAR(@) >= 0 && $VAR(@) <= 4094; "VLAN ID must be between 0 and 4094"
-create: read flags < /sys/class/net/$VAR(../@)/flags
- if [ $(( flags & 1 )) -eq 0 ]
- then
- echo "Can not create VLAN on disabled interface: " $VAR(../@)
- exit 1
- fi
- sudo ip link add link $VAR(../@) name "$VAR(../@).$VAR(@)" type vlan id $VAR(@) || exit 1
+create: read -a SLAVES </sys/class/net/$VAR(../@)/bonding/slaves
+ if [ ${#SLAVES[*]} -eq 0 ]; then
+ echo "Must configure slave devices for bond interface $VAR(../@) before adding vif"
+ exit 1
+ fi
+ sudo ip link add link $VAR(../@) name "$VAR(../@).$VAR(@)" type vlan id $VAR(@) || exit 1
sudo ip link set "$VAR(../@).$VAR(@)" up
+ sudo sh -c "/opt/vyatta/sbin/vyatta-link-detect $VAR(../@).$VAR(@) on"
delete: sudo ip link delete dev "$VAR(../@).$VAR(@)" type vlan id $VAR(@)
comp_help: possible completions:
<0-4094> Set VLAN ID
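Review bot: The added link-detect call is wrapped in `sudo sh -c "..."`, which sends the interface and VLAN values through a second round of shell parsing as root for no visible reason; templates/interfaces/bonding/node.def calls the same script directly. `sudo /opt/vyatta/sbin/vyatta-link-detect "$VAR(../@).$VAR(@)" on` does the same work without the extra shell. Separately, `read -a SLAVES` leaves the array empty when the slaves file cannot be opened, so a missing or non-bonding parent gets the "Must configure slave devices" message rather than an error that names the real problem.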
diff --git a/templates/interfaces/bonding/node.tag/vif/node.tag/description/node.def b/templates/interfaces/bonding/node.tag/vif/node.tag/description/node.def
index 40f04bcc..26195fcc 100644
--- a/templates/interfaces/bonding/node.tag/vif/node.tag/description/node.def
+++ b/templates/interfaces/bonding/node.tag/vif/node.tag/description/node.def
@@ -1,4 +1,4 @@
type: txt
help: Set description for this interface
-update: sudo sh -c "echo $VAR(@) >/sys/class/net/$VAR(../../@).$VAR(../@)/ifalias"
+update: sudo ip li set dev "$VAR(../../@).$VAR(../@)" alias "$VAR(@)"
delete: sudo sh -c "echo '' >/sys/class/net/$VAR(../../@).$VAR(../@)/ifalias"
diff --git a/templates/interfaces/bridge/node.tag/description/node.def b/templates/interfaces/bridge/node.tag/description/node.def
index d7becd13..1fcca391 100644
--- a/templates/interfaces/bridge/node.tag/description/node.def
+++ b/templates/interfaces/bridge/node.tag/description/node.def
@@ -1,4 +1,4 @@
type: txt
help: Set description for this interface
-update: sudo sh -c "echo $VAR(@) >/sys/class/net/$VAR(../@)/ifalias"
+update: sudo ip li set dev $VAR(../@) alias "$VAR(@)"
delete: sudo sh -c "echo '' >/sys/class/net/$VAR(../@)/ifalias"
diff --git a/templates/interfaces/pseudo-ethernet/node.tag/description/node.def b/templates/interfaces/pseudo-ethernet/node.tag/description/node.def
index d7becd13..1fcca391 100644
--- a/templates/interfaces/pseudo-ethernet/node.tag/description/node.def
+++ b/templates/interfaces/pseudo-ethernet/node.tag/description/node.def
@@ -1,4 +1,4 @@
type: txt
help: Set description for this interface
-update: sudo sh -c "echo $VAR(@) >/sys/class/net/$VAR(../@)/ifalias"
+update: sudo ip li set dev $VAR(../@) alias "$VAR(@)"
delete: sudo sh -c "echo '' >/sys/class/net/$VAR(../@)/ifalias"
diff --git a/templates/interfaces/tunnel/node.tag/description/node.def b/templates/interfaces/tunnel/node.tag/description/node.def
index d7becd13..1fcca391 100644
--- a/templates/interfaces/tunnel/node.tag/description/node.def
+++ b/templates/interfaces/tunnel/node.tag/description/node.def
@@ -1,4 +1,4 @@
type: txt
help: Set description for this interface
-update: sudo sh -c "echo $VAR(@) >/sys/class/net/$VAR(../@)/ifalias"
+update: sudo ip li set dev $VAR(../@) alias "$VAR(@)"
delete: sudo sh -c "echo '' >/sys/class/net/$VAR(../@)/ifalias"
diff --git a/templates/zone-policy/zone/node.def b/templates/zone-policy/zone/node.def
index 1f8f2ffd..80e4f4e2 100644
--- a/templates/zone-policy/zone/node.def
+++ b/templates/zone-policy/zone/node.def
@@ -12,10 +12,16 @@ syntax:expression: pattern $VAR(@) "^[^-]" ; "Zone name cannot start with \"-\""
syntax:expression: pattern $VAR(@) "^[^;]*$" ; "Zone name cannot contain ';'"
-create: /opt/vyatta/sbin/vyatta-zone.pl \
+create:
+ if ! /opt/vyatta/sbin/vyatta-zone.pl \
--action=add-zone \
- --zone-name="$VAR(@)"
+ --zone-name="$VAR(@)"; then
+ exit 1
+ fi
-delete: /opt/vyatta/sbin/vyatta-zone.pl \
+delete:
+ if ! /opt/vyatta/sbin/vyatta-zone.pl \
--action=delete-zone \
- --zone-name="$VAR(@)"
+ --zone-name="$VAR(@)"; then
+ exit 1
+ fi
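Review bot: The four-line `if ! ...; then exit 1; fi` wrapper added here is repeated around every vyatta-zone.pl call in this commit (default-action, from, firewall/name, firewall/ipv6-name, interface and local-zone), while the bonding templates already use the shorter `... || exit 1` form. Ending each invocation with `--zone-name="$VAR(@)" || exit 1` gives the same result with less to keep in sync across templates.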
diff --git a/templates/zone-policy/zone/node.tag/default-action/node.def b/templates/zone-policy/zone/node.tag/default-action/node.def
index 01714098..82a5a595 100644
--- a/templates/zone-policy/zone/node.tag/default-action/node.def
+++ b/templates/zone-policy/zone/node.tag/default-action/node.def
@@ -11,12 +11,18 @@ comp_help: possible completions:
drop Drop silently (default)
reject Drop and notify source
-create: /opt/vyatta/sbin/vyatta-zone.pl \
+create:
+ if ! /opt/vyatta/sbin/vyatta-zone.pl \
--action=set-default-policy \
--zone-name="$VAR(../@)" \
- --default-policy="$VAR(@)"
+ --default-policy="$VAR(@)"; then
+ exit 1
+ fi
-update: /opt/vyatta/sbin/vyatta-zone.pl \
+update:
+ if ! /opt/vyatta/sbin/vyatta-zone.pl \
--action=set-default-policy \
--zone-name="$VAR(../@)" \
- --default-policy="$VAR(@)"
+ --default-policy="$VAR(@)"; then
+ exit 1
+ fi
diff --git a/templates/zone-policy/zone/node.tag/from/node.def b/templates/zone-policy/zone/node.tag/from/node.def
index 5e37f9f1..4b664769 100644
--- a/templates/zone-policy/zone/node.tag/from/node.def
+++ b/templates/zone-policy/zone/node.tag/from/node.def
@@ -32,6 +32,10 @@ create:
echo Undefined from zone [$VAR(@)] under zone $parent_zone
exit 1
else
- /opt/vyatta/sbin/vyatta-zone.pl --action=add-zone --zone-name="$parent_zone"
- /opt/vyatta/sbin/vyatta-zone.pl --action=add-zone --zone-name="$VAR(@)"
+ if ! /opt/vyatta/sbin/vyatta-zone.pl --action=add-zone --zone-name="$parent_zone"; then
+ exit 1
+ fi
+ if ! /opt/vyatta/sbin/vyatta-zone.pl --action=add-zone --zone-name="$VAR(@)"; then
+ exit 1
+ fi
fi
diff --git a/templates/zone-policy/zone/node.tag/from/node.tag/firewall/ipv6-name/node.def b/templates/zone-policy/zone/node.tag/from/node.tag/firewall/ipv6-name/node.def
index e34cf8c4..b1ca94bc 100644
--- a/templates/zone-policy/zone/node.tag/from/node.tag/firewall/ipv6-name/node.def
+++ b/templates/zone-policy/zone/node.tag/from/node.tag/firewall/ipv6-name/node.def
@@ -7,66 +7,58 @@ allowed:
echo -n ${params[@]##*/}
create:
- params=( `ls /opt/vyatta/config/active/firewall/ipv6-name 2>/dev/null` )
- array_len=${#params[*]}
- i=0
- found=0
- while [ $i -lt $array_len ]; do
- if [ \"${params[$i]}\" == \"$VAR(@)\" ] ; then
-
- found=1
- fi
- let i++
- done
- if [ $found -eq 0 ]; then
- echo Invalid IPv6 firewall ruleset [$VAR(@)]
- exit 1
- fi
+ if ! /opt/vyatta/sbin/vyatta-zone.pl \
+ --action=is-fwruleset-active \
+ --zone-name="$VAR(../../../@)" \
+ --ruleset-type=ipv6-name \
+ --ruleset-name="$VAR(@)"; then
+ exit 1
+ fi
- /opt/vyatta/sbin/vyatta-zone.pl \
+ if ! /opt/vyatta/sbin/vyatta-zone.pl \
--action=add-fromzone-fw \
--zone-name="$VAR(../../../@)" \
--from-zone="$VAR(../../@)" \
--ruleset-type=ipv6-name \
- --ruleset-name="$VAR(@)"
+ --ruleset-name="$VAR(@)"; then
+ exit 1
+ fi
update:
- params=( `ls /opt/vyatta/config/active/firewall/ipv6-name 2>/dev/null` )
- array_len=${#params[*]}
- i=0
- found=0
- while [ $i -lt $array_len ]; do
- echo comparing ${params[$i]} with $VAR(@)
- if [ \"${params[$i]}\" == \"$VAR(@)\" ] ; then
- found=1
- fi
- let i++
- done
- if [ $found -eq 0 ]; then
- echo Invalid IPv6 firewall ruleset [$VAR(@)]
- exit 1
+ if ! /opt/vyatta/sbin/vyatta-zone.pl \
+ --action=is-fwruleset-active \
+ --zone-name="$VAR(../../../@)" \
+ --ruleset-type=ipv6-name \
+ --ruleset-name="$VAR(@)"; then
+ exit 1
fi
# need to undo previous ruleset here first
- old_ruleset=`cat /opt/vyatta/config/active/zone-policy/zone/$VAR(../../../@)/from/$VAR(../../@)/firewall/ipv6-name/node.val`
- /opt/vyatta/sbin/vyatta-zone.pl \
+ old_ruleset=`cat /opt/vyatta/config/active/zone-policy/zone/$VAR(../../../@)/from/$VAR(../../@)/firewall/ipv6-name/node.val`
+ if ! /opt/vyatta/sbin/vyatta-zone.pl \
--action=delete-fromzone-fw \
--zone-name="$VAR(../../../@)" \
--from-zone="$VAR(../../@)" \
--ruleset-type=ipv6-name \
- --ruleset-name="$old_ruleset"
+ --ruleset-name="$old_ruleset"; then
+ exit 1
+ fi
- /opt/vyatta/sbin/vyatta-zone.pl \
+ if ! /opt/vyatta/sbin/vyatta-zone.pl \
--action=add-fromzone-fw \
--zone-name="$VAR(../../../@)" \
--from-zone="$VAR(../../@)" \
- --ruleset-type=ipv6-name \
- --ruleset-name="$VAR(@)"
+ --ruleset-type=ipv6-name \
+ --ruleset-name="$VAR(@)"; then
+ exit 1
+ fi
delete:
- /opt/vyatta/sbin/vyatta-zone.pl \
+ if ! /opt/vyatta/sbin/vyatta-zone.pl \
--action=delete-fromzone-fw \
--zone-name="$VAR(../../../@)" \
--from-zone="$VAR(../../@)" \
--ruleset-type=ipv6-name \
- --ruleset-name="$VAR(@)"
+ --ruleset-name="$VAR(@)"; then
+ exit 1
+ fi
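Review bot: In the `update:` branch the old ruleset is removed before the new one is added, and with the new `exit 1` a failure of the `add-fromzone-fw` step stops the template with the zone pair holding neither ruleset. Whether traffic between the zones is then dropped or passed depends on chain defaults that are not visible here, so that failure path should re-add `$old_ruleset` before exiting. `old_ruleset` also comes from an unquoted, unchecked `cat` of node.val; if the file is missing or the zone name contains whitespace, the delete step is called with an empty name and the update aborts there. The firewall/name template has the same sequence.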
diff --git a/templates/zone-policy/zone/node.tag/from/node.tag/firewall/name/node.def b/templates/zone-policy/zone/node.tag/from/node.tag/firewall/name/node.def
index 56df6a19..46328f0f 100644
--- a/templates/zone-policy/zone/node.tag/from/node.tag/firewall/name/node.def
+++ b/templates/zone-policy/zone/node.tag/from/node.tag/firewall/name/node.def
@@ -7,65 +7,59 @@ allowed:
echo -n ${params[@]##*/}
create:
- params=( `ls /opt/vyatta/config/active/firewall/name 2>/dev/null` )
- array_len=${#params[*]}
- i=0
- found=0
- while [ $i -lt $array_len ]; do
- if [ \"${params[$i]}\" == \"$VAR(@)\" ] ; then
-
- found=1
- fi
- let i++
- done
- if [ $found -eq 0 ]; then
- echo Invalid IPv4 firewall ruleset [$VAR(@)]
- #exit 1
- fi
+ if ! /opt/vyatta/sbin/vyatta-zone.pl \
+ --action=is-fwruleset-active \
+ --zone-name="$VAR(../../../@)" \
+ --ruleset-type=name \
+ --ruleset-name="$VAR(@)"; then
+ exit 1
+ fi
- /opt/vyatta/sbin/vyatta-zone.pl \
+
+ if ! /opt/vyatta/sbin/vyatta-zone.pl \
--action=add-fromzone-fw \
--zone-name="$VAR(../../../@)" \
--from-zone="$VAR(../../@)" \
--ruleset-type=name \
- --ruleset-name="$VAR(@)"
+ --ruleset-name="$VAR(@)"; then
+ exit 1
+ fi
update:
- params=( `ls /opt/vyatta/config/active/firewall/name 2>/dev/null` )
- array_len=${#params[*]}
- i=0
- found=0
- while [ $i -lt $array_len ]; do
- if [ \"${params[$i]}\" == \"$VAR(@)\" ] ; then
- found=1
- fi
- let i++
- done
- if [ $found -eq 0 ]; then
- echo Invalid IPv4 firewall ruleset [$VAR(@)]
- exit 1
- fi
+ if ! /opt/vyatta/sbin/vyatta-zone.pl \
+ --action=is-fwruleset-active \
+ --zone-name="$VAR(../../../@)" \
+ --ruleset-type=name \
+ --ruleset-name="$VAR(@)"; then
+ exit 1
+ fi
# need to undo previous ruleset here first
old_ruleset=`cat /opt/vyatta/config/active/zone-policy/zone/$VAR(../../../@)/from/$VAR(../../@)/firewall/name/node.val`
- /opt/vyatta/sbin/vyatta-zone.pl \
+ if ! /opt/vyatta/sbin/vyatta-zone.pl \
--action=delete-fromzone-fw \
--zone-name="$VAR(../../../@)" \
--from-zone="$VAR(../../@)" \
--ruleset-type=name \
- --ruleset-name="$old_ruleset"
+ --ruleset-name="$old_ruleset"; then
+ exit 1
+ fi
- /opt/vyatta/sbin/vyatta-zone.pl \
+ if ! /opt/vyatta/sbin/vyatta-zone.pl \
--action=add-fromzone-fw \
--zone-name="$VAR(../../../@)" \
--from-zone="$VAR(../../@)" \
--ruleset-type=name \
- --ruleset-name="$VAR(@)"
+ --ruleset-name="$VAR(@)"; then
+ exit 1
+ fi
delete:
- /opt/vyatta/sbin/vyatta-zone.pl \
+ if ! /opt/vyatta/sbin/vyatta-zone.pl \
--action=delete-fromzone-fw \
--zone-name="$VAR(../../../@)" \
--from-zone="$VAR(../../@)" \
--ruleset-type=name \
- --ruleset-name="$VAR(@)"
+ --ruleset-name="$VAR(@)"; then
+ exit 1
+ fi
diff --git a/templates/zone-policy/zone/node.tag/interface/node.def b/templates/zone-policy/zone/node.tag/interface/node.def
index 824d3cda..845a5e8c 100644
--- a/templates/zone-policy/zone/node.tag/interface/node.def
+++ b/templates/zone-policy/zone/node.tag/interface/node.def
@@ -5,12 +5,18 @@ allowed: /opt/vyatta/sbin/vyatta-interfaces.pl --show=all | sed -e s/'lo '//
create: /opt/vyatta/sbin/vyatta-interfaces.pl --dev=$VAR(@) --warn
-create: /opt/vyatta/sbin/vyatta-zone.pl \
+create:
+ if ! /opt/vyatta/sbin/vyatta-zone.pl \
--action=add-zone-interface \
--zone-name="$VAR(../@)" \
- --interface="$VAR(@)"
+ --interface="$VAR(@)"; then
+ exit 1
+ fi
-delete: /opt/vyatta/sbin/vyatta-zone.pl \
+delete:
+ if ! /opt/vyatta/sbin/vyatta-zone.pl \
--action=delete-zone-interface \
--zone-name="$VAR(../@)" \
- --interface="$VAR(@)"
+ --interface="$VAR(@)"; then
+ exit 1
+ fi
diff --git a/templates/zone-policy/zone/node.tag/local-zone/node.def b/templates/zone-policy/zone/node.tag/local-zone/node.def
index 77a49771..4b045302 100644
--- a/templates/zone-policy/zone/node.tag/local-zone/node.def
+++ b/templates/zone-policy/zone/node.tag/local-zone/node.def
@@ -1,9 +1,15 @@
help: Set zone to be local-zone
-create: /opt/vyatta/sbin/vyatta-zone.pl \
+create:
+ if ! /opt/vyatta/sbin/vyatta-zone.pl \
--action=add-localzone \
- --zone-name="$VAR(../@)"
+ --zone-name="$VAR(../@)"; then
+ exit 1
+ fi
-delete: /opt/vyatta/sbin/vyatta-zone.pl \
+delete:
+ if ! /opt/vyatta/sbin/vyatta-zone.pl \
--action=delete-localzone \
- --zone-name="$VAR(../@)"
+ --zone-name="$VAR(../@)"; then
+ exit 1
+ fi