-rw-r--r-- | lib/Vyatta/Conntrack/RuleIgnore.pm | 7 | ||||
-rw-r--r-- | templates-cfg/system/conntrack/ignore/rule/node.tag/protocol/node.def | 2 |
2 files changed, 7 insertions, 2 deletions
diff --git a/lib/Vyatta/Conntrack/RuleIgnore.pm b/lib/Vyatta/Conntrack/RuleIgnore.pm
index 9b9abe1..9127fa2 100644
--- a/lib/Vyatta/Conntrack/RuleIgnore.pm
+++ b/lib/Vyatta/Conntrack/RuleIgnore.pm
@@ -42,7 +42,12 @@ sub rule {
 exit 1;
 }
 if (defined($self->{_protocol})) {
- $rule .= " -p $self->{_protocol}";
+ if ($self->{_protocol} =~ m/^!/) {
+ my $protocol = substr($self->{_protocol}, 1);
+ $rule .= " ! -p $protocol";
+ } else {
+ $rule .= " -p $self->{_protocol}";
+ }
 }
 $rule .= " $srcrule $dstrule ";
 return $rule;
diff --git a/templates-cfg/system/conntrack/ignore/rule/node.tag/protocol/node.def b/templates-cfg/system/conntrack/ignore/rule/node.tag/protocol/node.def
index 59f23a3..93ae51a 100644
--- a/templates-cfg/system/conntrack/ignore/rule/node.tag/protocol/node.def
+++ b/templates-cfg/system/conntrack/ignore/rule/node.tag/protocol/node.def
@@ -7,7 +7,7 @@ val_help: tcp_udp ; Both TCP and UDP
 val_help: all ; All IP protocols
 val_help: !<protocol> ; All IP protocols except for the specified name or number (negation)
-syntax:expression: exec "if [ -n \"`/opt/vyatta/sbin/vyatta-validate-type.pl protocol_negate '$VAR(@)'`\" ] \
+syntax:expression: exec "if [ -n \"`/opt/vyatta/sbin/vyatta-validate-type protocol_negate '$VAR(@)'`\" ] \
 && [ \"$VAR(@)\" != 'tcp_udp' ]; then \
 echo invalid protocol \"$VAR(@)\" ; \
 exit 1 ; \ |
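Review bot: In the new negation branch, the result of `substr($self->{_protocol}, 1)` goes into the rule string with no check that what follows the `!` is a single non-empty token, so a value of just `!` or `! tcp` produces a malformed ` ! -p` clause. Validation appears to rest entirely on the template's `syntax:expression`; a local guard such as `if ($self->{_protocol} =~ m/\A!(\S+)\z/) { $rule .= " ! -p $1"; }` would be safer. A leading `!` that fails that match should then be rejected like the `exit 1` path above, not passed to the plain `-p` branch. How the returned string is executed is not visible here, and `rule` starts and ends outside the hunk.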
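Review bot: The `[ -n ... ]` test on the changed line treats empty output as a valid protocol, so if `/opt/vyatta/sbin/vyatta-validate-type` is missing or not executable at the new path, the command substitution prints nothing to stdout and every value is accepted. Because this commit changes which file is run, the expression should fail closed, for example by prefixing `[ ! -x /opt/vyatta/sbin/vyatta-validate-type ] ||` to the condition or by also testing the command's exit status. The value is also placed inside single quotes as `'$VAR(@)'`; if that expansion is textual, a value containing a quote would alter the command, which should be confirmed against how the config backend expands `$VAR(@)`. The expression continues past the end of the hunk.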