-rw-r--r--lib/Vyatta/Conntrack/RuleCT.pm35
-rw-r--r--scripts/vyatta-conntrack-timeouts.pl10
2 files changed, 27 insertions, 18 deletions
diff --git a/lib/Vyatta/Conntrack/RuleCT.pm b/lib/Vyatta/Conntrack/RuleCT.pm
index 9329603..3a0377b 100644
--- a/lib/Vyatta/Conntrack/RuleCT.pm
+++ b/lib/Vyatta/Conntrack/RuleCT.pm
@@ -9,23 +9,29 @@ my $dst = new Vyatta::Conntrack::AddressFilterCT;
my %fields = (
_rule_number => undef,
- _protocol => undef,
- _state => {
- _established => undef,
- _new => undef,
- _related => undef,
- _invalid => undef,
+ _protocol => {
+ _tcp => {
+ _close => undef,
+ _close_wait => undef,
+ _syn_sent => undef,
+ },
+ _udp => undef,
+ _other => undef,
+ _icmp => undef ,
},
);
my %dummy_rule = (
_rule_number => 10000,
- _protocol => "all",
- _state => {
- _established => undef,
- _new => undef,
- _related => undef,
- _invalid => undef,
+ _protocol => {
+ _tcp => {
+ _close => undef,
+ _close_wait => undef,
+ _syn_sent => undef,
+ },
+ _udp => undef,
+ _other => undef,
+ _icmp => undef ,
},
);
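Review bot: The new nested `_protocol` structure is written out twice, byte-for-byte, in `%fields` and `%dummy_rule`, so the next state added to one (e.g. another TCP state beside `_close`, `_close_wait`, `_syn_sent`) will silently drift from the other; build it once, `my %protocol_defaults = ( _tcp => { ... }, _udp => undef, _other => undef, _icmp => undef );`, and reference it from both hashes. The dummy rule also lost its `_protocol => "all"` value and now carries only undef leaves, so it no longer describes a protocol at all — if something downstream still reads a protocol string from the dummy rule, that is worth checking. Minor: `_icmp => undef ,` has a stray space before the comma in both copies.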
@@ -62,11 +68,6 @@ sub setup_base {
$self->{_rule_number} = $config->returnParent("..");
$self->{_protocol} = $config->$val_func("protocol");
- $self->{_state}->{_established} = $config->$val_func("state established");
- $self->{_state}->{_new} = $config->$val_func("state new");
- $self->{_state}->{_related} = $config->$val_func("state related");
- $self->{_state}->{_invalid} = $config->$val_func("state invalid");
-
$src->$addr_setup("$level source");
$dst->$addr_setup("$level destination");
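Review bot: `$self->{_protocol} = $config->$val_func("protocol");` still stores a scalar, but this commit redefines `_protocol` in `%fields` as a nested hash of per-protocol (and per-TCP-state) slots, so the assignment discards that structure and none of the `_tcp`/`_udp`/`_other`/`_icmp` leaves are ever populated. The four removed `_state` reads were not replaced with reads of the new keys, so either the setup needs per-key assignments such as `$self->{_protocol}{_udp} = ...` against the corresponding config paths, or the `%fields` change is premature. Until that is resolved, a marker would help: `# TODO: _protocol is a nested hash in %fields; this scalar assignment clobbers it`. The body of `setup_base` starts and ends outside the hunk.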
diff --git a/scripts/vyatta-conntrack-timeouts.pl b/scripts/vyatta-conntrack-timeouts.pl
index 7de1a02..8ab322d 100644
--- a/scripts/vyatta-conntrack-timeouts.pl
+++ b/scripts/vyatta-conntrack-timeouts.pl
@@ -39,7 +39,15 @@ sub update_config {
$node->setup("system conntrack timeout custom rule $rule");
$node->print();
} elsif ("$rules{$rule}" eq 'changed') {
- } elsif ("$rules{$rule}" eq 'deleted'){
+ } elsif ("$rules{$rule}" eq 'deleted') {
+# my $node = new Vyatta::Conntrack::RuleCT;
+# $node->setupOrig("system conntrack timeout custom rule $rule");
+# my $ipt_rules = $node->get_num_ipt_rules();
+# for (1 .. $ipt_rules) {
+# print "deleting 1\n";
+# run_cmd("$iptables_cmd -t $table --delete $name $iptablesrule");
+# die "$iptables_cmd error: $! - $rule" if ($? >> 8);
+# }
}
}
}
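Review bot: The `deleted` branch gains eight lines of commented-out code instead of either an implementation or an explicit `# TODO: delete iptables rules for removed custom rule $rule`; commented-out code is not versioned intent and should not be committed. If it is uncommented later, two things in it need fixing first: `die "$iptables_cmd error: $! - $rule" if ($? >> 8);` reports `$!` (errno), which is unrelated to a child exit status — the message should use `$?`; and `run_cmd("$iptables_cmd -t $table --delete $name $iptablesrule")` interpolates rule-derived values into a single shell string, which the list form `run_cmd($iptables_cmd, '-t', $table, '--delete', $name, $iptablesrule)` would avoid if `run_cmd` accepts a list. The `changed` branch directly above is still empty, and `$table`, `$name` and `$iptablesrule` do not appear to be defined anywhere in this hunk. `update_config` begins before the hunk.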