From 3b185ab75f3189164b6d1c0721eb66de3c118b2e Mon Sep 17 00:00:00 2001
From: Stephen Hemminger <stephen.hemminger@vyatta.com>
Date: Fri, 7 Mar 2008 10:16:45 -0800
Subject: allow non-root to clear nat counters

Part of bugfix 2698
---
 debian/vyatta-cfg-system.postinst.in | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/debian/vyatta-cfg-system.postinst.in b/debian/vyatta-cfg-system.postinst.in
index ad9c5fda..979760f6 100644
--- a/debian/vyatta-cfg-system.postinst.in
+++ b/debian/vyatta-cfg-system.postinst.in
@@ -32,10 +32,11 @@ if [ "$sysconfdir" != "/etc" ]; then
     # Allow operator to do a limited number of commands without password
     cat <<"EOF" >>/etc/sudoers
 Cmnd_Alias IPTABLES = /sbin/iptables --list -n,\
-                      /sbin/iptables -Z *,\
 		      /sbin/iptables -L -vn,\
                       /sbin/iptables -L * -vn,\
-		      /sbin/iptables -t * -L -vn
+		      /sbin/iptables -t * -L -vn, \
+                      /sbin/iptables -Z *,\
+		      /sbin/iptables -Z -t nat
 Cmnd_Alias IPFLUSH = /sbin/ip route flush cache, \
 		     /sbin/ip route flush cache *,\
 		     /sbin/ip neigh flush to *, \
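Review bot: The re-added `/sbin/iptables -Z *` entry grants more than counter clearing, because a sudoers `*` in the argument list matches any string including spaces, so any further iptables options after `-Z` are accepted and, per the comment above, run via sudo without a password. The wildcard probably already matches `-Z -t nat` as well, which would make the new last entry redundant; this is worth confirming against the sudo version shipped. Prefer dropping the wildcard and listing the exact invocations operators need, e.g. `/sbin/iptables -Z,\` followed by `/sbin/iptables -Z -t nat`, with one explicit line per table or chain that must be supported. The heredoc and the enclosing `if` start above and continue below this hunk, so the rest of the alias list is not visible here.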
-- 
cgit v1.2.3