| author | sarthurdev <965089+sarthurdev@users.noreply.github.com> | 2022-01-06 15:16:55 +0100 |
|---|---|---|
| committer | sarthurdev <965089+sarthurdev@users.noreply.github.com> | 2022-01-06 16:17:34 +0100 |
| commit | 6fc263b9cb71ca24dce60aec63aa453ef2b0000b (patch) | |
| tree | 0835036feacf1322c1e47b72e928dfb4cf3a55ae /scripts | |
| parent | 4df0cd1e64a33a7a0b47d226e983da4cd1c2a089 (diff) | |
| download | vyatta-conntrack-6fc263b9cb71ca24dce60aec63aa453ef2b0000b.tar.gz vyatta-conntrack-6fc263b9cb71ca24dce60aec63aa453ef2b0000b.zip | |
conntrack: T4145: Remove `vyatta-cfg-firewall` dependency
Diffstat (limited to 'scripts')
| -rw-r--r-- | scripts/vyatta-conntrack-ignore.pl | 13 | ||||
| -rw-r--r-- | scripts/vyatta-conntrack-timeouts.pl | 14 | ||||
| -rw-r--r-- | scripts/vyatta-show-ignore.pl | 2 |
3 files changed, 14 insertions, 15 deletions
diff --git a/scripts/vyatta-conntrack-ignore.pl b/scripts/vyatta-conntrack-ignore.pl
index 7d07604..a103173 100644
--- a/scripts/vyatta-conntrack-ignore.pl
+++ b/scripts/vyatta-conntrack-ignore.pl
@@ -10,12 +10,11 @@ use Vyatta::Conntrack::RuleIgnore;
 use Vyatta::IpTables::AddressFilter;
 use Vyatta::Conntrack::ConntrackUtil;
 use Getopt::Long;
-use Vyatta::Zone;
 use Sys::Syslog qw(:standard :macros);
 #for future use when v6 ignore s need to be set
-my %cmd_hash = ( 'ipv4' => 'iptables',
- 'ipv6' => 'ip6tables');
+my %cmd_hash = ( 'ipv4' => 'iptables-nft',
+ 'ipv6' => 'ip6tables-nft');
 # Enable printing debug output to stdout.
 my $debug_flag = 0;
@@ -35,8 +34,8 @@ openlog("vyatta-conntrack", "pid", "local0");
 sub remove_ignore_policy {
 my ($rule_string) = @_;
- my $iptables_cmd1 = "iptables -D VYATTA_CT_IGNORE -t raw $rule_string -j CT --notrack";
- my $iptables_cmd2 = "iptables -D VYATTA_CT_IGNORE -t raw $rule_string -j RETURN";
+ my $iptables_cmd1 = "iptables-nft -D VYOS_CT_IGNORE -t raw $rule_string -j CT --notrack";
+ my $iptables_cmd2 = "iptables-nft -D VYOS_CT_IGNORE -t raw $rule_string -j RETURN";
 run_cmd($iptables_cmd2);
 if ($? >> 8) {
 print "$CTERROR failed to run $iptables_cmd2\n";
@@ -51,9 +50,9 @@ sub remove_ignore_policy {
 sub apply_ignore_policy {
 my ($rule_string, $rule, $num_rules) = @_;
 # insert at num_rules + 1 as there are so many rules already.
- my $iptables_cmd1 = "iptables -I VYATTA_CT_IGNORE $num_rules -t raw $rule_string -j CT --notrack";
+ my $iptables_cmd1 = "iptables-nft -I VYOS_CT_IGNORE $num_rules -t raw $rule_string -j CT --notrack";
 $num_rules +=1;
- my $iptables_cmd2 = "iptables -I VYATTA_CT_IGNORE $num_rules -t raw $rule_string -j RETURN";
+ my $iptables_cmd2 = "iptables-nft -I VYOS_CT_IGNORE $num_rules -t raw $rule_string -j RETURN";
 run_cmd($iptables_cmd1);
 if ($? >> 8) {
 print "$CTERROR failed to run $iptables_cmd1\n";
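Review bot: The binary and chain names are now spelled out by hand in all four command strings of remove_ignore_policy and apply_ignore_policy (second and third hunks), while `%cmd_hash` in the first hunk carries the same `iptables-nft` value and, per its own comment, is not used anywhere. Hoisting both into one place, `my $ct_ignore_chain = 'VYOS_CT_IGNORE';` together with `$cmd_hash{ipv4}`, would make a rename like this one a two-line change and would stop the insert and delete paths from drifting onto different chains, which is exactly what happened to vyatta-conntrack-timeouts.pl in this same commit. The commands are still assembled by interpolating `$rule_string` into a single string handed to run_cmd; if run_cmd invokes a shell, passing the binary, chain and rule tokens as a list would be the safer form, but run_cmd's signature is outside this diff. Both subs continue past their hunks, so their remaining command strings are not visible here.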
diff --git a/scripts/vyatta-conntrack-timeouts.pl b/scripts/vyatta-conntrack-timeouts.pl
index 557f4eb..7394945 100644
--- a/scripts/vyatta-conntrack-timeouts.pl
+++ b/scripts/vyatta-conntrack-timeouts.pl
@@ -13,8 +13,8 @@ use Vyatta::Zone;
 use Sys::Syslog qw(:standard :macros);
 #for future use when v6 timeouts need to be set
-my %cmd_hash = ( 'ipv4' => 'iptables',
- 'ipv6' => 'ip6tables');
+my %cmd_hash = ( 'ipv4' => 'iptables-nft',
+ 'ipv6' => 'ip6tables-nft');
 # Enable printing debug output to stdout.
 my $debug_flag = 0;
@@ -36,8 +36,8 @@ sub remove_timeout_policy {
 my ($rule_string, $timeout_policy) = @_;
 my @tokens = split (' ', $timeout_policy);
 # First remove the iptables rules before removing policy.
- my $iptables_cmd1 = "iptables -D VYATTA_CT_TIMEOUT -t raw $rule_string -j CT --timeout $tokens[0]";
- my $iptables_cmd2 = "iptables -D VYATTA_CT_TIMEOUT -t raw $rule_string -j RETURN";
+ my $iptables_cmd1 = "iptables-nft -D VYOS_CT_TIMEOUT -t raw $rule_string -j CT --timeout $tokens[0]";
+ my $iptables_cmd2 = "iptables-nft -D VYOS_CT_TIMEOUT -t raw $rule_string -j RETURN";
 my $nfct_timeout_cmd = "$nfct timeout delete $timeout_policy";
 run_cmd($iptables_cmd2);
 if ($? >> 8) {
@@ -66,9 +66,9 @@ sub apply_timeout_policy {
 my $nfct_timeout_cmd = "$nfct timeout add $timeout_policy";
 my @tokens = split (' ', $timeout_policy);
 # insert at num_rules + 1 as there are so many rules already.
- my $iptables_cmd1 = "iptables -I VYATTA_CT_TIMEOUT $num_rules -t raw $rule_string -j CT --timeout $tokens[0]";
+ my $iptables_cmd1 = "iptables-nft -I VYATTA_CT_TIMEOUT $num_rules -t raw $rule_string -j CT --timeout $tokens[0]";
 $num_rules +=1;
- my $iptables_cmd2 = "iptables -I VYATTA_CT_TIMEOUT $num_rules -t raw $rule_string -j RETURN";
+ my $iptables_cmd2 = "iptables-nft -I VYATTA_CT_TIMEOUT $num_rules -t raw $rule_string -j RETURN";
 run_cmd($nfct_timeout_cmd);
 if ($? >> 8) {
 print "$CTERROR failed to run $nfct_timeout_cmd\n";
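Review bot: apply_timeout_policy (third hunk, @@ -66) still inserts into `VYATTA_CT_TIMEOUT` while remove_timeout_policy (second hunk, @@ -36) now deletes from `VYOS_CT_TIMEOUT`, so the two subs no longer address the same chain: removing a timeout policy from the configuration will either fail at the delete or leave the `-j CT --timeout` rule active in the chain it was inserted into. The two added lines should read `my $iptables_cmd1 = "iptables-nft -I VYOS_CT_TIMEOUT $num_rules -t raw $rule_string -j CT --timeout $tokens[0]";` and `my $iptables_cmd2 = "iptables-nft -I VYOS_CT_TIMEOUT $num_rules -t raw $rule_string -j RETURN";`, assuming VYOS_CT_TIMEOUT is the chain the rest of the system now creates. The first hunk's header also shows `use Vyatta::Zone;` still present in this file although the same commit drops it from vyatta-conntrack-ignore.pl; if that module belongs to the dependency named in the commit title, it needs removing here as well. All three subs continue outside their hunks.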
@@ -84,7 +84,7 @@ sub apply_timeout_policy {
 run_cmd($iptables_cmd2);
 if ($? >> 8) {
 run_cmd("nfct timeout delete policy_timeout_$rule");
- run_cmd("iptables -D PREROUTING -t raw $rule_string -j CT --timeout $tokens[0]");
+ run_cmd("iptables-nft -D PREROUTING -t raw $rule_string -j CT --timeout $tokens[0]");
 print "$CTERROR failed to run $iptables_cmd2\n";
 exit 1;
 }
diff --git a/scripts/vyatta-show-ignore.pl b/scripts/vyatta-show-ignore.pl
index 40efa8f..e650bf1 100644
--- a/scripts/vyatta-show-ignore.pl
+++ b/scripts/vyatta-show-ignore.pl
@@ -43,7 +43,7 @@ sub print_ignore_rules {
 $config->setLevel("system conntrack ignore rule");
 my @rules = sort numerically $config->listOrigNodes();
- my @rules_in_chain = `sudo iptables -L VYATTA_CT_IGNORE -t raw -nv`;
+ my @rules_in_chain = `sudo iptables-nft -L VYOS_CT_IGNORE -t raw -nv`;
 if (!(@rules_in_chain)){
 die "Error: no ignore rules configured\n";
 }
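Review bot: The rollback on the added line deletes the `-j CT --timeout` rule from `PREROUTING`, but the preceding hunk of apply_timeout_policy inserted that rule into the `VYATTA_CT_TIMEOUT` chain as `$iptables_cmd1`, so when `$iptables_cmd2` fails the first rule is not actually undone and the chain keeps a CT rule with no matching RETURN. Since the commit already rewrites this line, it should target the chain the insert used, `run_cmd("iptables-nft -D VYATTA_CT_TIMEOUT -t raw $rule_string -j CT --timeout $tokens[0]");`, or better, derive the delete from the same variable the insert was built from so the two cannot diverge. The same branch calls bare `nfct` where the rest of the file uses `$nfct`; that is pre-existing, but worth aligning while the block is being touched. apply_timeout_policy begins before this hunk.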
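Review bot: The backtick call on the added line only captures stdout, so if `sudo iptables-nft` itself fails (sudo refusal, or the `VYOS_CT_IGNORE` chain not existing yet after the rename) `@rules_in_chain` is empty and the script dies with `Error: no ignore rules configured`, attributing a tooling failure to the user's configuration. Checking the exit status immediately after the call, `die "Error: could not list chain VYOS_CT_IGNORE: $?\n" if $? >> 8;`, keeps the two cases apart and makes the chain rename easier to diagnose on an upgraded system. print_ignore_rules continues past the hunk.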
