summaryrefslogtreecommitdiff
path: root/scripts
diff options
context:
space:
mode:
authorGaurav Sinha <gaurav.sinha@vyatta.com>2012-09-04 11:30:53 -0700
committerGaurav Sinha <gaurav.sinha@vyatta.com>2012-09-04 11:30:53 -0700
commit9dc90a9ea4d350fbee1c44a5e87f880e7bb0cefa (patch)
treef0a1957634ae4bdd19a9e2bb9f9667eb94f19a33 /scripts
parent876df3f051021688ac8fa3ab7389b26c299acb2b (diff)
downloadvyatta-conntrack-9dc90a9ea4d350fbee1c44a5e87f880e7bb0cefa.tar.gz
vyatta-conntrack-9dc90a9ea4d350fbee1c44a5e87f880e7bb0cefa.zip
Fixing rule minimal checks, fixing tcp / udp checks
Diffstat (limited to 'scripts')
-rw-r--r--scripts/vyatta-conntrack-ignore.pl18
1 files changed, 11 insertions, 7 deletions
diff --git a/scripts/vyatta-conntrack-ignore.pl b/scripts/vyatta-conntrack-ignore.pl
index 701c8b8..37a1534 100644
--- a/scripts/vyatta-conntrack-ignore.pl
+++ b/scripts/vyatta-conntrack-ignore.pl
@@ -71,26 +71,30 @@ sub handle_rule_creation {
my $node = new Vyatta::Conntrack::RuleIgnore;
my ($rule_string);
- do_interface_check($rule);
+ do_minimalrule_check($rule);
$node->setup("system conntrack ignore rule $rule");
$rule_string = $node->rule();
apply_ignore_policy($rule_string, $rule, $num_rules);
}
-# mandate only one interface configuration per rule
-sub do_interface_check {
+# mandate atleast inbound interface / source ip / dest ip or protocol per rule
+sub do_minimalrule_check {
my ($rule) = @_;
my $config = new Vyatta::Config;
- my $intf_nos = $config->listNodes("system conntrack ignore rule $rule inbound-interface");
- if (($intf_nos > 1)) {
- Vyatta::Config::outputError(["Conntrack"], "Conntrack config error: configure at most one inbound interface in rule $rule");
+ my $intf = $config->exists("system conntrack ignore rule $rule inbound-interface");
+ my $src = $config->exists("system conntrack ignore rule $rule source address");
+ my $dst = $config->exists("system conntrack ignore rule $rule destination address");
+ my $protocol = $config->exists("system conntrack ignore rule $rule protocol");
+
+ if ( (!$intf) and (!$src) and (!$dst) and (!$protocol)) {
+ Vyatta::Config::outputError(["Conntrack"], "Conntrack config error: No inbound-interface, source / destination address, protocol found in rule @_ ");
exit 1;
}
}
sub handle_rule_modification {
my ($rule, $num_rules) = @_;
- do_interface_check($rule);
+ do_minimalrule_check($rule);
handle_rule_deletion($rule);
handle_rule_creation($rule, $num_rules);
}