diff options
| author | aapostoliuk <a.apostoliuk@vyos.io> | 2023-02-10 15:38:05 +0200 |
|---|---|---|
| committer | aapostoliuk <a.apostoliuk@vyos.io> | 2023-02-10 15:38:05 +0200 |
| commit | c8b015fe875f6cf6d6d1e09dd326af84d36dd3b7 (patch) | |
| tree | 15086be8ee3a9bd354668c3f5911eb98dde4b7f6 /lib | |
| parent | 32c13a7f5f36233d0834ac813eb66839457fdfc7 (diff) | |
| download | vyatta-conntrack-c8b015fe875f6cf6d6d1e09dd326af84d36dd3b7.tar.gz vyatta-conntrack-c8b015fe875f6cf6d6d1e09dd326af84d36dd3b7.zip | |
conntrack: T4993: Fix comment for correct delete ignore rules
For correct deleting rules iptables "comment" should be in
the end of the line
Incorrect:
-D VYATTA_CT_IGNORE -t raw -m comment --comment "ignore-10" -p udp
Correct:
-D VYATTA_CT_IGNORE -t raw -p udp -m comment --comment "ignore-10"
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/Vyatta/Conntrack/RuleIgnore.pm | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/Vyatta/Conntrack/RuleIgnore.pm b/lib/Vyatta/Conntrack/RuleIgnore.pm index 55a2315..0bef8c2 100644 --- a/lib/Vyatta/Conntrack/RuleIgnore.pm +++ b/lib/Vyatta/Conntrack/RuleIgnore.pm @@ -26,8 +26,7 @@ sub rule { my $tcp_and_udp = 0; # set CLI rule num as comment my @level_nodes = split (' ', $self->{_comment}); - $rule .= " -m comment --comment \"$level_nodes[2]-$level_nodes[4]\" "; - + if (defined($self->{_interface})) { $rule .= " -i $self->{_interface} "; } @@ -58,6 +57,7 @@ sub rule { } else { $rule .= " $srcrule $dstrule "; } + $rule .= " -m comment --comment \"$level_nodes[2]-$level_nodes[4]\" "; return $rule; } |