Diffstat (limited to 'lib/Vyatta')
-rw-r--r--lib/Vyatta/Conntrack/RuleIgnore.pm37
1 files changed, 26 insertions, 11 deletions
diff --git a/lib/Vyatta/Conntrack/RuleIgnore.pm b/lib/Vyatta/Conntrack/RuleIgnore.pm
index 7c3f668..27ed237 100644
--- a/lib/Vyatta/Conntrack/RuleIgnore.pm
+++ b/lib/Vyatta/Conntrack/RuleIgnore.pm
@@ -22,14 +22,13 @@ my $DEBUG = 'false';
sub rule {
my ( $self ) = @_;
- my ($rule, $srcrule, $dstrule, $err_str);
- my $tcp_and_udp = 0;
+ my ($rule1, $rule2, $srcrule, $dstrule, $err_str);
# set CLI rule num as comment
my @level_nodes = split (' ', $self->{_comment});
- $rule .= " -m comment --comment \"$level_nodes[2]-$level_nodes[4]\" ";
+ $rule1 .= " -m comment --comment \"$level_nodes[2]-$level_nodes[4]\" ";
if (defined($self->{_interface})) {
- $rule .= " -i $self->{_interface} ";
+ $rule1 .= " -i $self->{_interface} ";
}
($srcrule, $err_str) = $src->rule();
if (defined($err_str)) {
@@ -41,17 +40,33 @@ sub rule {
Vyatta::Config::outputError(["Conntrack"], "Conntrack config error: $err_str");
exit 1;
}
+
if (defined($self->{_protocol})) {
- if ($self->{_protocol} =~ m/^!/) {
- my $protocol = substr($self->{_protocol}, 1);
- $rule .= " ! -p $protocol";
+ if ($self->{_protocol} eq 'tcp_udp') {
+ $rule2 = $rule1;
+ #break protcol as tcp and udp, two rules
+ if ($self->{_protocol} =~ m/^!/) {
+ $rule1 .= " ! -p tcp";
+ $rule2 .= " ! -p udp";
+ } else {
+ $rule1 .= " -p tcp ";
+ $rule2 .= " -p udp ";
+ }
} else {
- $rule .= " -p $self->{_protocol}";
+ if ($self->{_protocol} =~ m/^!/) {
+ my $protocol = substr($self->{_protocol}, 1);
+ $rule1 .= " ! -p $protocol";
+ } else {
+ $rule1 .= " -p $self->{_protocol}";
+ }
}
}
-
- $rule .= " $srcrule $dstrule ";
- return $rule;
+
+ $rule1 .= " $srcrule $dstrule ";
+ if ($rule2) {
+ $rule2 .= " $srcrule $dstrule ";
+ }
+ return ($rule1, $rule2);
}
sub new {
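Review bot: The `m/^!/` test inside the `tcp_udp` branch can never match, because that branch is entered only when `$self->{_protocol}` is exactly `'tcp_udp'`; the `! -p tcp` / `! -p udp` lines are dead code, and a negated value such as `!tcp_udp` (if the configuration permits one) reaches the `else` branch instead and emits `! -p tcp_udp`, which is not a protocol name the rule can use. Two independent rules cannot express "neither tcp nor udp" anyway (each would match everything that is not the one protocol), so the simplest fix is to reject that form through the error path already used above, `if ($self->{_protocol} eq '!tcp_udp') { Vyatta::Config::outputError(["Conntrack"], "Conntrack config error: negated tcp_udp is not supported"); exit 1; }` placed before the `tcp_udp` comparison, and drop the dead inner branch. The return value also changes from one scalar to the list `($rule1, $rule2)`, with `$rule2` undef for every other protocol; callers outside this file are not visible here (the diffstat is limited to lib/Vyatta) and need the matching update, and a comment such as `# returns (tcp_rule, udp_rule) for tcp_udp, (rule, undef) otherwise` above the `return` would document that contract. `rule` starts in the first hunk, outside this one.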