authorGaurav Sinha <gaurav.sinha@vyatta.com>2012-06-07 23:19:36 -0700
committerGaurav Sinha <gaurav.sinha@vyatta.com>2012-06-07 23:19:36 -0700
commit2d083c4aba26b08c68f812119d49e70328d9ef8b (patch)
treed79bd4962972bc1f41f85e294858e2e2ec434274
parentca94628e7c1f78486a8f3ea89cba3b2c2f1f1320 (diff)
downloadvyatta-conntrack-2d083c4aba26b08c68f812119d49e70328d9ef8b.tar.gz
vyatta-conntrack-2d083c4aba26b08c68f812119d49e70328d9ef8b.zip
re-factored deletion code, disabling module scripts fixed
-rw-r--r--lib/Vyatta/Conntrack/ConntrackUtil.pm34
-rw-r--r--scripts/vyatta-conntrack-timeouts.pl33
-rw-r--r--scripts/vyatta-cthelper.pl23
3 files changed, 42 insertions, 48 deletions
diff --git a/lib/Vyatta/Conntrack/ConntrackUtil.pm b/lib/Vyatta/Conntrack/ConntrackUtil.pm
index bdc4961..0ded3ef 100644
--- a/lib/Vyatta/Conntrack/ConntrackUtil.pm
+++ b/lib/Vyatta/Conntrack/ConntrackUtil.pm
@@ -41,7 +41,7 @@ sub process_protocols {
close $proto;
return \%proto_hash;
}
-our @EXPORT = qw(check_for_conntrack_hooks, process_protocols, check_and_add_helpers);
+our @EXPORT = qw(check_for_conntrack_hooks, process_protocols, check_and_add_helpers, run_cmd);
#function to find if connection tracking is enabled.
#looks in the iptables to see if any of the features introduced
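Review bot: The `qw()` list in the new `@EXPORT` line separates names with commas, but `qw` splits on whitespace only, so every entry except the last carries a trailing comma as part of its name. Before this change `check_and_add_helpers` was the last, clean entry; appending `run_cmd` turns it into `check_and_add_helpers,`, which probably stops scripts that rely on the default export from importing it under its real name. Write it as `our @EXPORT = qw(check_for_conntrack_hooks process_protocols check_and_add_helpers run_cmd);`. Since `run_cmd` executes whatever command string it is given, consider listing it in `@EXPORT_OK` instead, so only scripts that ask for it by name receive it.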
@@ -83,4 +83,36 @@ sub check_and_add_helpers {
check_ct_helper_rules();
}
}
+
+sub log_msg {
+ my $message = shift;
+
+ print "DEBUG: $message\n" if $debug_flag;
+ syslog(LOG_DEBUG, "%s", $message) if $syslog_flag;
+}
+# Run command and capture output
+# run_cmd("$iptables_cmd -t $table -F $name", 1);
+# if command fails, then send output to syslog
+sub run_cmd {
+ my ($cmd_to_run, $redirect) = @_;
+
+ log_msg("Running: $cmd_to_run");
+
+ if ($redirect) {
+ open (my $out, '-|', $cmd_to_run . ' 2>&1')
+ or die "Can't run command \"$cmd_to_run\": $!";
+ my @cmd_out = <$out>;
+
+ # if command suceeds to do nothing.
+ return if (close ($out));
+
+ foreach my $line (@cmd_out) {
+ chomp $line;
+ syslog(LOG_INFO, "%s", $line);
+ }
+ } else {
+ system($cmd_to_run);
+ }
+}
+
# end of file
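Review bot: In the `else` branch of `run_cmd` the result of `system($cmd_to_run)` is discarded, so a command that fails (for example an iptables rule that was not installed or removed) is neither reported to the caller nor logged; `system($cmd_to_run) == 0 or syslog(LOG_ERR, "%s", "command failed (status $?): $cmd_to_run");` would surface it. Both branches hand a single string to the shell, and the sub is now exported to every script that uses the module, so the header comment should state that callers may only interpolate validated values into `$cmd_to_run`. `log_msg` reads `$debug_flag` and `$syslog_flag`, and both subs call `syslog` with `LOG_*` macros; none of these are declared or imported in the visible lines of ConntrackUtil.pm. Confirm the module defines the two flags and loads Sys::Syslog, otherwise it will not compile if it runs under `use strict`.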
diff --git a/scripts/vyatta-conntrack-timeouts.pl b/scripts/vyatta-conntrack-timeouts.pl
index 3ab96c2..557f4eb 100644
--- a/scripts/vyatta-conntrack-timeouts.pl
+++ b/scripts/vyatta-conntrack-timeouts.pl
@@ -7,6 +7,7 @@ use strict;
use Vyatta::Config;
use Vyatta::Conntrack::RuleCT;
use Vyatta::IpTables::AddressFilter;
+use Vyatta::Conntrack::ConntrackUtil;
use Getopt::Long;
use Vyatta::Zone;
use Sys::Syslog qw(:standard :macros);
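Review bot: The bare `use Vyatta::Conntrack::ConntrackUtil;` pulls in the module's whole default export list; naming what the script needs, `use Vyatta::Conntrack::ConntrackUtil qw(run_cmd);`, documents the dependency and keeps other names out of the script's namespace. The same commit removes the script's local `log_msg`, and the module's `@EXPORT` does not list `log_msg`, so any remaining `log_msg(...)` call in this script (none is visible in the hunks) would fail at run time.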
@@ -31,38 +32,6 @@ update_config();
openlog("vyatta-conntrack", "pid", "local0");
-sub log_msg {
- my $message = shift;
-
- print "DEBUG: $message\n" if $debug_flag;
- syslog(LOG_DEBUG, "%s", $message) if $syslog_flag;
-}
-# Run command and capture output
-# run_cmd("$iptables_cmd -t $table -F $name", 1);
-# if command fails, then send output to syslog
-sub run_cmd {
- my ($cmd_to_run, $redirect) = @_;
-
- log_msg("Running: $cmd_to_run");
-# print "$cmd_to_run\n";
-
- if ($redirect) {
- open (my $out, '-|', $cmd_to_run . ' 2>&1')
- or die "Can't run command \"$cmd_to_run\": $!";
- my @cmd_out = <$out>;
-
- # if command suceeds to do nothing.
- return if (close ($out));
-
- foreach my $line (@cmd_out) {
- chomp $line;
- syslog(LOG_INFO, "%s", $line);
- }
- } else {
- system($cmd_to_run);
- }
-}
-
sub remove_timeout_policy {
my ($rule_string, $timeout_policy) = @_;
my @tokens = split (' ', $timeout_policy);
diff --git a/scripts/vyatta-cthelper.pl b/scripts/vyatta-cthelper.pl
index f038037..d19a1f4 100644
--- a/scripts/vyatta-cthelper.pl
+++ b/scripts/vyatta-cthelper.pl
@@ -31,13 +31,11 @@ add_helper_to_chain {
my ($module) = @_;
my $iptables_cmd = $cmd_hash {'ipv4'};
if ($module eq 'sqlnet') {
-# run_cmd (" $iptables_cmd -I VYATTA_CT_HELPER -t raw -p tcp --dport 1521 -j CT --helper oracletns ");
- print " $iptables_cmd -I VYATTA_CT_HELPER -t raw -p tcp --dport 1521 -j CT --helper oracletns \n";
-# run_cmd (" $iptables_cmd -I VYATTA_CT_HELPER -t raw -p tcp --dport 1525 -j CT --helper oracletns ");
- print " $iptables_cmd -I VYATTA_CT_HELPER -t raw -p tcp --dport 1525 -j CT --helper oracletns \n";
+ run_cmd("$iptables_cmd -I VYATTA_CT_HELPER -t raw -p tcp --dport 1521 -j CT --helper tns");
+ run_cmd("$iptables_cmd -I VYATTA_CT_HELPER -t raw -p tcp --dport 1525 -j CT --helper tns");
} elsif ($module eq 'nfs') {
- print " $iptables_cmd -I VYATTA_CT_HELPER -t raw -p tcp --dport 111 -j CT --helper nfs \n";
-# run_cmd (" $iptables_cmd -I VYATTA_CT_HELPER -t raw -p tcp --dport 111 -j CT --helper nfs ");
+ run_cmd(" $iptables_cmd -I VYATTA_CT_HELPER -t raw -p tcp --dport 111 -j CT --helper rpc");
+ run_cmd(" $iptables_cmd -I VYATTA_CT_HELPER -t raw -p udp --dport 111 -j CT --helper rpc");
}
}
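Review bot: The new `run_cmd(...)` calls in `add_helper_to_chain` omit the second argument, so they take the plain `system()` path of `run_cmd`, where the exit status is ignored and nothing reaches syslog when iptables rejects the rule. Passing the redirect flag, e.g. `run_cmd("$iptables_cmd -I VYATTA_CT_HELPER -t raw -p tcp --dport 1521 -j CT --helper tns", 1);`, would at least log the failure output; the same applies to the `-D` calls in the `delete_helper_from_chain` hunk. `-I` is also not idempotent, so enabling a module twice would presumably leave a duplicate rule that a single `-D` does not clear, which deserves a comment or an existence check. The function's opening line is outside the hunk.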
@@ -47,13 +45,11 @@ delete_helper_from_chain {
my ($module) = @_;
my $iptables_cmd = $cmd_hash {'ipv4'};
if ($module eq 'sqlnet') {
-# run_cmd (" $iptables_cmd -D VYATTA_CT_HELPER -t raw -p tcp --dport 1521 -j CT --helper oracletns ");
- print " $iptables_cmd -D VYATTA_CT_HELPER -t raw -p tcp --dport 1521 -j CT --helper oracletns \n";
-# run_cmd (" $iptables_cmd -D VYATTA_CT_HELPER -t raw -p tcp --dport 1525 -j CT --helper oracletns ");
- print " $iptables_cmd -D VYATTA_CT_HELPER -t raw -p tcp --dport 1525 -j CT --helper oracletns \n";
+ run_cmd ("$iptables_cmd -D VYATTA_CT_HELPER -t raw -p tcp --dport 1521 -j CT --helper tns");
+ run_cmd ("$iptables_cmd -D VYATTA_CT_HELPER -t raw -p tcp --dport 1525 -j CT --helper tns");
} elsif ($module eq 'nfs') {
- print " $iptables_cmd -D VYATTA_CT_HELPER -t raw -p tcp --dport 111 -j CT --helper nfs \n";
-# run_cmd (" $iptables_cmd -D VYATTA_CT_HELPER -t raw -p tcp --dport 111 -j CT --helper nfs ");
+ run_cmd("$iptables_cmd -D VYATTA_CT_HELPER -t raw -p tcp --dport 111 -j CT --helper rpc");
+ run_cmd("$iptables_cmd -D VYATTA_CT_HELPER -t raw -p udp --dport 111 -j CT --helper rpc");
}
}
@@ -61,15 +57,12 @@ delete_helper_from_chain {
sub disable_helper_module {
my ($module) = @_;
- print "disable $module\n";
delete_helper_from_chain($module);
}
# should enable the required helper module
sub enable_helper_module {
my ($module) = @_;
-
- print "enable $module\n";
add_helper_to_chain($module);
}