author | Gaurav <gaurav.sinha@vyatta.com> | 2012-02-24 12:07:59 -0800 |
---|---|---|
committer | Gaurav Sinha <gaurav.sinha@vyatta.com> | 2012-03-16 16:44:07 -0700 |
commit | 2c01ae23d707c984e2f6587da9218e5e63d55e30 (patch) | |
tree | d73983bfbe9ab85f1765b57a97fa6950866f8155 /scripts/vyatta-conntrack-timeouts.pl | |
parent | 516e4988be28dd2441e915fe7d4c6a2efb5bd0c6 (diff) | |
adding apply/remove policy function, still dummy
(cherry picked from commit bc000f9a538e67545dd7b1edb49385e158067639)
Diffstat (limited to 'scripts/vyatta-conntrack-timeouts.pl')
-rw-r--r-- | scripts/vyatta-conntrack-timeouts.pl | 26 |
1 files changed, 19 insertions, 7 deletions
diff --git a/scripts/vyatta-conntrack-timeouts.pl b/scripts/vyatta-conntrack-timeouts.pl
index ac9b56d..a98de86 100644
--- a/scripts/vyatta-conntrack-timeouts.pl
+++ b/scripts/vyatta-conntrack-timeouts.pl
@@ -23,17 +23,29 @@ GetOptions("create=s" => \$create,
 );
 update_config();
+
 sub remove_timeout_policy {
  my ($rule_string, $timeout_policy) = @_;
- print "removing with $rule_string and $timeout_policy\n";
- # function to apply the policy and then apply the policy to
- # the iptables rule.
- # Do nothing as of now.
+ my @tokens = split (' ', $timeout_policy);
+ # First remove the iptables rules before removing policy.
+ my $iptables_cmd1 = "iptables -D PREROUTING -t raw $rule_string -j CT --timeout $tokens[0]";
+ my $iptables_cmd2 = "iptables -D OUTPUT -t raw $rule_string -j CT --timeout $tokens[0]";
+ my $nfct_timeout_cmd = "nfct-timeout remove $timeout_policy";
+ print "$iptables_cmd1\n$iptables_cmd2\n";
+ print "$nfct_timeout_cmd\n";
 }
+
+# nfct-timeout create policy1 tcp established 1200 close-wait 100 fin-wait 10
+# iptables -I PREROUTING -t raw -s 1.1.1.1 -d 2.2.2.2 -j CT --timeout policy1
 sub apply_timeout_policy {
- # function to apply the policy and then apply the policy to
- # the iptables rule.
- # Do nothing as of now.
+ my ($rule_string, $timeout_policy) = @_;
+ my $nfct_timeout_cmd = "nfct-timeout create $timeout_policy";
+ my @tokens = split (' ', $timeout_policy);
+ my $iptables_cmd1 = "iptables -I PREROUTING -t raw $rule_string -j CT --timeout $tokens[0]";
+ my $iptables_cmd2 = "iptables -I OUTPUT -t raw $rule_string -j CT --timeout $tokens[0]";
+
+ print "$nfct_timeout_cmd\n";
+ print "$iptables_cmd1\n$iptables_cmd2\n";
 }
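Review bot: Both new subs assemble the iptables and nfct-timeout invocations as single interpolated strings (`my $iptables_cmd1 = "iptables -D PREROUTING -t raw $rule_string -j CT --timeout $tokens[0]";`), which is fine while they are only printed but becomes a shell-injection surface the moment the `print` turns into a `system` or backtick call; when that happens the call should be list form, e.g. `system('iptables', '-D', 'PREROUTING', '-t', 'raw', @rule_args, '-j', 'CT', '--timeout', $tokens[0]) == 0 or die "iptables -D failed: $?";`, with `$rule_string` split into its argument list rather than handed to a shell. Neither sub validates `$timeout_policy`: an empty or undefined value makes `split` return nothing, so `$tokens[0]` is undef and the generated `--timeout` argument is malformed with only a warnings notice; a guard such as `die "timeout policy name required" unless @tokens;` right after the `split` in both subs would catch it. The comment `# First remove the iptables rules before removing policy.` documents the ordering constraint in remove_timeout_policy, and the mirror constraint (create the policy before inserting rules that reference it) is worth stating above the `print` lines in apply_timeout_policy as well. The `my @tokens = split (' ', $timeout_policy);` line is computed before the command strings in one sub and after `$nfct_timeout_cmd` in the other; either works, but keeping the same order in both makes the two subs easier to compare.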