authorGaurav <gaurav.sinha@vyatta.com>2012-02-24 12:07:59 -0800
committerGaurav Sinha <gaurav.sinha@vyatta.com>2012-03-16 16:44:07 -0700
commit2c01ae23d707c984e2f6587da9218e5e63d55e30 (patch)
treed73983bfbe9ab85f1765b57a97fa6950866f8155 /scripts/vyatta-conntrack-timeouts.pl
parent516e4988be28dd2441e915fe7d4c6a2efb5bd0c6 (diff)
adding apply/remove policy function, still dummy
(cherry picked from commit bc000f9a538e67545dd7b1edb49385e158067639)
Diffstat (limited to 'scripts/vyatta-conntrack-timeouts.pl')
-rw-r--r--scripts/vyatta-conntrack-timeouts.pl26
1 files changed, 19 insertions, 7 deletions
diff --git a/scripts/vyatta-conntrack-timeouts.pl b/scripts/vyatta-conntrack-timeouts.pl
index ac9b56d..a98de86 100644
--- a/scripts/vyatta-conntrack-timeouts.pl
+++ b/scripts/vyatta-conntrack-timeouts.pl
@@ -23,17 +23,29 @@ GetOptions("create=s" => \$create,
);
update_config();
+
sub remove_timeout_policy {
my ($rule_string, $timeout_policy) = @_;
- print "removing with $rule_string and $timeout_policy\n";
- # function to apply the policy and then apply the policy to
- # the iptables rule.
- # Do nothing as of now.
+ my @tokens = split (' ', $timeout_policy);
+ # First remove the iptables rules before removing policy.
+ my $iptables_cmd1 = "iptables -D PREROUTING -t raw $rule_string -j CT --timeout $tokens[0]";
+ my $iptables_cmd2 = "iptables -D OUTPUT -t raw $rule_string -j CT --timeout $tokens[0]";
+ my $nfct_timeout_cmd = "nfct-timeout remove $timeout_policy";
+ print "$iptables_cmd1\n$iptables_cmd2\n";
+ print "$nfct_timeout_cmd\n";
}
+
+# nfct-timeout create policy1 tcp established 1200 close-wait 100 fin-wait 10
+# iptables -I PREROUTING -t raw -s 1.1.1.1 -d 2.2.2.2 -j CT --timeout policy1
sub apply_timeout_policy {
- # function to apply the policy and then apply the policy to
- # the iptables rule.
- # Do nothing as of now.
+ my ($rule_string, $timeout_policy) = @_;
+ my $nfct_timeout_cmd = "nfct-timeout create $timeout_policy";
+ my @tokens = split (' ', $timeout_policy);
+ my $iptables_cmd1 = "iptables -I PREROUTING -t raw $rule_string -j CT --timeout $tokens[0]";
+ my $iptables_cmd2 = "iptables -I OUTPUT -t raw $rule_string -j CT --timeout $tokens[0]";
+
+ print "$nfct_timeout_cmd\n";
+ print "$iptables_cmd1\n$iptables_cmd2\n";
}
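Review bot: Both new subs use `$tokens[0]` without checking that `split` produced anything, so an empty or whitespace-only `$timeout_policy` gives an uninitialized-value warning and an iptables command ending in a bare `--timeout`; add `return unless @tokens;` (or `die "empty timeout policy\n"`) directly after the `split` in `remove_timeout_policy` and again in `apply_timeout_policy`. The commands are still only printed, but they are assembled as single interpolated strings from configuration-derived `$rule_string` and `$timeout_policy`, so when they are later executed they should be run in list form (e.g. `system('iptables', '-D', 'PREROUTING', '-t', 'raw', @rule_args, '-j', 'CT', '--timeout', $tokens[0])` with `$rule_string` split into `@rule_args`) rather than through a shell. The two subs differ only in `-I` versus `-D`, so a shared helper such as `_ct_rule_cmds($action, $rule_string, $tokens[0])` would keep the two copies of the command layout from drifting apart.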