-rw-r--r-- | lib/Vyatta/Conntrack/RuleCT.pm | 46 | ||||
-rw-r--r-- | scripts/vyatta-conntrack-timeouts.pl | 12 |
2 files changed, 43 insertions, 15 deletions
diff --git a/lib/Vyatta/Conntrack/RuleCT.pm b/lib/Vyatta/Conntrack/RuleCT.pm
index e407f42..e53e07f 100644
--- a/lib/Vyatta/Conntrack/RuleCT.pm
+++ b/lib/Vyatta/Conntrack/RuleCT.pm
@@ -13,12 +13,20 @@ my %fields = (
 _tcp => {
 _close => undef,
 _close_wait => undef,
+ _established => undef,
+ _fin_wait => undef,
+ _last_ack => undef,
 _syn_sent => undef,
- },
- _udp => undef,
+ _syn_recv => undef,
+ _time_wait => undef,
+ },
+ _udp => {
+ _other => undef,
+ _stream => undef,
+ },
 _other => undef,
 _icmp => undef ,
- },
+ },
 );
 
 my %dummy_rule = (
@@ -27,9 +35,17 @@ my %dummy_rule = (
 _tcp => {
 _close => undef,
 _close_wait => undef,
+ _established => undef,
+ _fin_wait => undef,
+ _last_ack => undef,
 _syn_sent => undef,
- },
- _udp => undef,
+ _syn_recv => undef,
+ _time_wait => undef,
+ },
+ _udp => {
+ _other => undef,
+ _stream => undef,
+ },
 _other => undef,
 _icmp => undef ,
 },
@@ -67,7 +83,25 @@ sub setup_base {
 $config->setLevel("$level");
 $self->{_rule_number} = $config->returnParent("..");
- $self->{_protocol} = $config->$val_func("protocol");
+ if (($config->existsOrig("protocol tcp")) or
+ ($config->existsOrig("protocol udp")) or
+ ($config->existsOrig("protocol icmp")) or
+ ($config->existsOrig("protocol other"))) {
+ die "Error: Only one protocol per rule\n"
+ }
+ if ($config->$exists_func("protocol tcp")) {
+ $self->{_protocol} = "tcp";
+ } elsif ($config->$exists_func("protocol icmp")) {
+ $self->{_protocol} = "icmp";
+ } elsif ($config->$exists_func("protocol udp")) {
+ $self->{_protocol} = "udp";
+ } elsif ($config->$exists_func("protocol other")) {
+ $self->{_protocol} = "other";
+ }
+
+ print "protocol is [\n";
+ print $self->{_protocol};
+ print "]\n";
 $src->$addr_setup("$level source");
 $dst->$addr_setup("$level destination");
diff --git a/scripts/vyatta-conntrack-timeouts.pl b/scripts/vyatta-conntrack-timeouts.pl
index 7395b06..a079ed1 100644
--- a/scripts/vyatta-conntrack-timeouts.pl
+++ b/scripts/vyatta-conntrack-timeouts.pl
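Review bot: The `_tcp` and `_udp` sub-hashes added to `%fields` here are repeated verbatim in `%dummy_rule` in the next hunk, so every new conntrack state has to be added in two places and this commit already had to touch both. Declaring the protocol sub-table once, e.g. `my %proto_fields = ( _tcp => { ... }, _udp => { ... }, _other => undef, _icmp => undef );`, and splicing it into both hashes would keep the two from drifting apart. The same point applies to the `%dummy_rule` hunk that follows.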
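Review bot: The new guard in setup_base dies whenever any single `existsOrig("protocol …")` call is true, not when more than one protocol is configured, so if existsOrig reports presence in the pre-change configuration (as its name suggests) every rule that already had a protocol committed will hit `die "Error: Only one protocol per rule\n"`, including the `changed` rules that the second file now routes through `setup`. Counting the protocols that are actually set would express the intent: `my @protocols = grep { $config->$exists_func("protocol $_") } qw(tcp icmp udp other);` then `die "Error: Only one protocol per rule\n" if @protocols > 1;` and `$self->{_protocol} = $protocols[0];`. The `elsif` chain has no `else`, so `$self->{_protocol}` stays undef when no protocol node exists, and the three `print "protocol is [\n"` … `print "]\n"` lines are debug output to STDOUT from library code that should be dropped, as the commit itself does for `print %rules;` in the script. setup_base begins and ends outside the hunk.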
@@ -31,7 +31,6 @@ sub update_config {
 $config->setLevel("system conntrack timeout custom rule");
 %rules = $config->listNodeStatus();
- print %rules;
 foreach my $rule (sort keys %rules) {
 if ("$rules{$rule}" eq 'static') {
 } elsif ("$rules{$rule}" eq 'added') {
@@ -39,15 +38,10 @@ sub update_config {
 $node->setup("system conntrack timeout custom rule $rule");
 $node->print();
 } elsif ("$rules{$rule}" eq 'changed') {
+ my $node = new Vyatta::Conntrack::RuleCT;
+ $node->setup("system conntrack timeout custom rule $rule");
+ $node->print();
 } elsif ("$rules{$rule}" eq 'deleted') {
-# my $node = new Vyatta::Conntrack::RuleCT;
-# $node->setupOrig("system conntrack timeout custom rule $rule");
-# my $ipt_rules = $node->get_num_ipt_rules();
-# for (1 .. $ipt_rules) {
-# print "deleting 1\n";
-# run_cmd("$iptables_cmd -t $table --delete $name $iptablesrule");
-# die "$iptables_cmd error: $! - $rule" if ($? >> 8);
-# }
 }
 }
 }
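Review bot: The new `changed` branch uses indirect object syntax, `my $node = new Vyatta::Conntrack::RuleCT;`, which is ambiguous to parse and should be the plain method call `my $node = Vyatta::Conntrack::RuleCT->new;`. The branch appears to be a line-for-line copy of the `added` branch just above it (whose `my $node` line is outside the hunk), so the two could share one arm, `} elsif ("$rules{$rule}" eq 'added' or "$rules{$rule}" eq 'changed') {`, so they cannot drift apart. Removing the commented-out iptables clean-up leaves the `deleted` branch as an empty block with no indication of whether that clean-up is still pending; if it is, a one-line comment such as `# TODO: clean-up for deleted rules is not implemented yet` would say so. update_config begins outside the hunk.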