From eae46378e616cf874305561cf9f8e4e8180a2c43 Mon Sep 17 00:00:00 2001
From: Gaurav
Date: Tue, 3 Apr 2012 10:25:02 -0700
Subject: initial CLI for NFS and SQLnet modules
---
templates-cfg/system/conntrack/modules/SQLnet/enable/node.def | 1 +
templates-cfg/system/conntrack/modules/SQLnet/node.def | 1 +
templates-cfg/system/conntrack/modules/nfs/enable/node.def | 1 +
templates-cfg/system/conntrack/modules/nfs/node.def | 1 +
4 files changed, 4 insertions(+)
create mode 100644 templates-cfg/system/conntrack/modules/SQLnet/enable/node.def
create mode 100644 templates-cfg/system/conntrack/modules/SQLnet/node.def
create mode 100644 templates-cfg/system/conntrack/modules/nfs/enable/node.def
create mode 100644 templates-cfg/system/conntrack/modules/nfs/node.def
diff --git a/templates-cfg/system/conntrack/modules/SQLnet/enable/node.def b/templates-cfg/system/conntrack/modules/SQLnet/enable/node.def
new file mode 100644
index 0000000..6abee0a
--- /dev/null
+++ b/templates-cfg/system/conntrack/modules/SQLnet/enable/node.def
@@ -0,0 +1 @@
+help: enable SQLnet protocol helper
diff --git a/templates-cfg/system/conntrack/modules/SQLnet/node.def b/templates-cfg/system/conntrack/modules/SQLnet/node.def
new file mode 100644
index 0000000..42da24b
--- /dev/null
+++ b/templates-cfg/system/conntrack/modules/SQLnet/node.def
@@ -0,0 +1 @@
+help: enable SQLnet helper
diff --git a/templates-cfg/system/conntrack/modules/nfs/enable/node.def b/templates-cfg/system/conntrack/modules/nfs/enable/node.def
new file mode 100644
index 0000000..136ab42
--- /dev/null
+++ b/templates-cfg/system/conntrack/modules/nfs/enable/node.def
@@ -0,0 +1 @@
+help: enable nfs
diff --git a/templates-cfg/system/conntrack/modules/nfs/node.def b/templates-cfg/system/conntrack/modules/nfs/node.def
new file mode 100644
index 0000000..ae4837a
--- /dev/null
+++ b/templates-cfg/system/conntrack/modules/nfs/node.def
@@ -0,0 +1 @@
+help: enable NFS helper
-- cgit v1.2.3
From 6c46c3a8616e5e59120b5b8bf8332dc543c2267f Mon Sep 17 00:00:00 2001
From: Gaurav Sinha
Date: Mon, 16 Apr 2012 16:30:38 -0700
Subject: CLI to add nfs/SQLnet module helpers
---
templates-cfg/system/conntrack/modules/SQLnet/enable/node.def | 2 ++
templates-cfg/system/conntrack/modules/nfs/enable/node.def | 2 ++
templates-cfg/system/conntrack/modules/node.def | 6 ++++++
3 files changed, 10 insertions(+)
diff --git a/templates-cfg/system/conntrack/modules/SQLnet/enable/node.def b/templates-cfg/system/conntrack/modules/SQLnet/enable/node.def
index 6abee0a..1cbd130 100644
--- a/templates-cfg/system/conntrack/modules/SQLnet/enable/node.def
+++ b/templates-cfg/system/conntrack/modules/SQLnet/enable/node.def
@@ -1 +1,3 @@
 help: enable SQLnet protocol helper
+
+create:expression: "touch /tmp/vyatta-conntrack-sync"
diff --git a/templates-cfg/system/conntrack/modules/nfs/enable/node.def b/templates-cfg/system/conntrack/modules/nfs/enable/node.def
index 136ab42..b2a2694 100644
--- a/templates-cfg/system/conntrack/modules/nfs/enable/node.def
+++ b/templates-cfg/system/conntrack/modules/nfs/enable/node.def
@@ -1 +1,3 @@
 help: enable nfs
+
+create:expression: "touch /tmp/vyatta-conntrack-sync"
diff --git a/templates-cfg/system/conntrack/modules/node.def b/templates-cfg/system/conntrack/modules/node.def
index 25cba5d..c391511 100644
--- a/templates-cfg/system/conntrack/modules/node.def
+++ b/templates-cfg/system/conntrack/modules/node.def
@@ -1 +1,7 @@
 help: Connection tracking modules settings
+
+end:expression: "if [ -f \"/tmp/vyatta-conntrack-sync\" ]; then \
+ sudo /opt/vyatta/sbin/vyatta-conntrack-sync.pl --action=enable; \
+ sudo rm \"/tmp/vyatta-conntrack-sync\"; \
+ fi"
+
-- cgit v1.2.3
From cc7d0c96369980eeda4c01fca1035dca4636243a Mon Sep 17 00:00:00 2001
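Review bot: The flag file `/tmp/vyatta-conntrack-sync` that the new `create:expression` in SQLnet/enable/node.def touches (also in nfs/enable/node.def, and tested by the `end:expression` in modules/node.def) is a fixed name in a world-writable directory. Any local account can pre-create it, which would make the next commit under this subtree run the conntrack-sync reload, and `touch` follows a symlink left at that path, so the commit would create or re-stamp the link's target with the committing user's rights. Keeping the flag in a directory only the configuration system can write, for example `touch <private-state-dir>/vyatta-conntrack-sync` (placeholder path), avoids both. Later commits in this series reuse the same path in conntrack/node.def and table-size/node.def.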
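Review bot: In the `end:expression` added to modules/node.def the flag is removed whether or not `vyatta-conntrack-sync.pl --action=enable` succeeded, so a failed reload is dropped without a retry or a message. Chaining the two commands keeps the flag until the reload works: `sudo /opt/vyatta/sbin/vyatta-conntrack-sync.pl --action=enable && sudo rm -f "/tmp/vyatta-conntrack-sync"; \`. A one-line `#` comment above the expression naming the nodes that set the flag would also make the hand-off between `create:` and `end:` easier to follow.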
From: Gaurav Sinha Date: Tue, 17 Apr 2012 11:03:10 -0700 Subject: ensure single reload of conntrackd daemon --- templates-cfg/system/conntrack/modules/SQLnet/enable/node.def | 8 ++++++++ templates-cfg/system/conntrack/modules/nfs/enable/node.def | 6 ++++++ templates-cfg/system/conntrack/modules/node.def | 6 ------ templates-cfg/system/conntrack/node.def | 7 ++++++- templates-cfg/system/conntrack/table-size/node.def | 2 +- 5 files changed, 21 insertions(+), 8 deletions(-) diff --git a/templates-cfg/system/conntrack/modules/SQLnet/enable/node.def b/templates-cfg/system/conntrack/modules/SQLnet/enable/node.def index 1cbd130..630d728 100644 --- a/templates-cfg/system/conntrack/modules/SQLnet/enable/node.def +++ b/templates-cfg/system/conntrack/modules/SQLnet/enable/node.def @@ -1,3 +1,11 @@ help: enable SQLnet protocol helper create:expression: "touch /tmp/vyatta-conntrack-sync" + +end: if [ ${COMMIT_ACTION} = 'DELETE' ]; then + echo "sudo iptables -D VYATTA_CT_HELPER -t raw -p tcp --dport 1521 -j CT --helper sqlnet" + echo "sudo iptables -D VYATTA_CT_HELPER -t raw -p tcp --dport 1525 -j CT --helper sqlnet" + else + echo "sudo iptables -I VYATTA_CT_HELPER -t raw -p tcp --dport 1521 -j CT --helper sqlnet" + echo "sudo iptables -I VYATTA_CT_HELPER -t raw -p tcp --dport 1525 -j CT --helper sqlnet" + fi; diff --git a/templates-cfg/system/conntrack/modules/nfs/enable/node.def b/templates-cfg/system/conntrack/modules/nfs/enable/node.def index b2a2694..130dd7f 100644 --- a/templates-cfg/system/conntrack/modules/nfs/enable/node.def +++ b/templates-cfg/system/conntrack/modules/nfs/enable/node.def @@ -1,3 +1,9 @@ help: enable nfs create:expression: "touch /tmp/vyatta-conntrack-sync" + +end: if [ ${COMMIT_ACTION} = 'DELETE' ]; then + echo "sudo iptables -D VYATTA_CT_HELPER -t raw -p tcp --dport 2049 -j CT --helper nfs" + else + echo "sudo iptables -I VYATTA_CT_HELPER -t raw -p tcp --dport 2049 -j CT --helper nfs" + fi; 
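Review bot: The `end:` block added to SQLnet/enable/node.def only echoes the `iptables` commands, so committing `enable` prints them and leaves the raw table unchanged; the nfs/enable/node.def hunk does the same, and the block is copied into sqlnet/enable/node.def by the next commit in the series. If that is intentional scaffolding, a comment such as `# TODO: rules are printed, not applied, until the VYATTA_CT_HELPER chain is created` would stop an operator from assuming the helper is active. The test `[ ${COMMIT_ACTION} = 'DELETE' ]` is unquoted and turns into a `[` syntax error when the variable is empty; `[ "${COMMIT_ACTION}" = 'DELETE' ]` is safe, and the same test recurs in the later nfs/disable and sqlnet/disable nodes.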
diff --git a/templates-cfg/system/conntrack/modules/node.def b/templates-cfg/system/conntrack/modules/node.def index c391511..25cba5d 100644 --- a/templates-cfg/system/conntrack/modules/node.def +++ b/templates-cfg/system/conntrack/modules/node.def @@ -1,7 +1 @@ help: Connection tracking modules settings - -end:expression: "if [ -f \"/tmp/vyatta-conntrack-sync\" ]; then \ - sudo /opt/vyatta/sbin/vyatta-conntrack-sync.pl --action=enable; \ - sudo rm \"/tmp/vyatta-conntrack-sync\"; \ - fi" - diff --git a/templates-cfg/system/conntrack/node.def b/templates-cfg/system/conntrack/node.def index 53488ae..2ac9101 100644 --- a/templates-cfg/system/conntrack/node.def +++ b/templates-cfg/system/conntrack/node.def @@ -2,6 +2,11 @@ help: Connection tracking engine options priority: 218 # before NAT and conntrack-sync are configured +end:expression: "if [ -f \"/tmp/vyatta-conntrack-sync\" ]; then \ + sudo /opt/vyatta/sbin/vyatta-conntrack-sync.pl --action=enable; \ + sudo rm \"/tmp/vyatta-conntrack-sync\"; \ + fi" + delete: # set conntrack table size to standard 16384 entries if conntrack settings are removed sudo sysctl -q -w net/nf_conntrack_max=16384 @@ -20,5 +25,5 @@ delete: # set conntrack table size to standard 16384 entries if conntrack settin # need to restart conntrackd with updated conntrack table size if cli-shell-api existsActive service conntrack-sync; then - sudo /opt/vyatta/sbin/vyatta-conntrack-sync.pl --action=enable + touch /tmp/vyatta-conntrack-sync fi diff --git a/templates-cfg/system/conntrack/table-size/node.def b/templates-cfg/system/conntrack/table-size/node.def index b44b563..74cf58a 100644 --- a/templates-cfg/system/conntrack/table-size/node.def +++ b/templates-cfg/system/conntrack/table-size/node.def 
@@ -28,7 +28,7 @@ update: sudo sysctl -q -w net/nf_conntrack_max=$VAR(@) # need to restart conntrackd with updated conntrack table size if cli-shell-api existsActive service conntrack-sync; then - sudo /opt/vyatta/sbin/vyatta-conntrack-sync.pl --action=enable + touch /tmp/vyatta-conntrack-sync fi -- cgit v1.2.3 From 753b0cb5ca7e273d24d51333e238bde3e150e5ee Mon Sep 17 00:00:00 2001 From: Gaurav Sinha Date: Tue, 17 Apr 2012 13:23:21 -0700 Subject: fix help strings --- templates-cfg/system/conntrack/modules/nfs/enable/node.def | 2 +- templates-cfg/system/conntrack/modules/nfs/node.def | 2 +- templates-cfg/system/conntrack/modules/sqlnet/enable/node.def | 11 +++++++++++ templates-cfg/system/conntrack/modules/sqlnet/node.def | 1 + 4 files changed, 14 insertions(+), 2 deletions(-) create mode 100644 templates-cfg/system/conntrack/modules/sqlnet/enable/node.def create mode 100644 templates-cfg/system/conntrack/modules/sqlnet/node.def diff --git a/templates-cfg/system/conntrack/modules/nfs/enable/node.def b/templates-cfg/system/conntrack/modules/nfs/enable/node.def index 130dd7f..3d07321 100644 --- a/templates-cfg/system/conntrack/modules/nfs/enable/node.def +++ b/templates-cfg/system/conntrack/modules/nfs/enable/node.def @@ -1,4 +1,4 @@ -help: enable nfs +help: enable NFS protocol connection tracking helper create:expression: "touch /tmp/vyatta-conntrack-sync" diff --git a/templates-cfg/system/conntrack/modules/nfs/node.def b/templates-cfg/system/conntrack/modules/nfs/node.def index ae4837a..3d1fb34 100644 --- a/templates-cfg/system/conntrack/modules/nfs/node.def +++ b/templates-cfg/system/conntrack/modules/nfs/node.def @@ -1 +1 @@ -help: enable NFS helper +help: NFS protocol connection tracking helper settting diff --git a/templates-cfg/system/conntrack/modules/sqlnet/enable/node.def b/templates-cfg/system/conntrack/modules/sqlnet/enable/node.def new file mode 100644 index 0000000..74186d6 --- /dev/null +++ b/templates-cfg/system/conntrack/modules/sqlnet/enable/node.def 
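Review bot: The new help string in nfs/node.def misspells its last word: `help: NFS protocol connection tracking helper settting` should read `help: NFS protocol connection tracking helper setting`, which is the spelling the sqlnet/node.def string added by the same commit uses. The text is what CLI users see for this node, so the typo is user-visible.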
@@ -0,0 +1,11 @@
+help: enable SQLnet protocol connection tracking helper
+
+create:expression: "touch /tmp/vyatta-conntrack-sync"
+
+end: if [ ${COMMIT_ACTION} = 'DELETE' ]; then
+ echo "sudo iptables -D VYATTA_CT_HELPER -t raw -p tcp --dport 1521 -j CT --helper sqlnet"
+ echo "sudo iptables -D VYATTA_CT_HELPER -t raw -p tcp --dport 1525 -j CT --helper sqlnet"
+ else
+ echo "sudo iptables -I VYATTA_CT_HELPER -t raw -p tcp --dport 1521 -j CT --helper sqlnet"
+ echo "sudo iptables -I VYATTA_CT_HELPER -t raw -p tcp --dport 1525 -j CT --helper sqlnet"
+ fi;
diff --git a/templates-cfg/system/conntrack/modules/sqlnet/node.def b/templates-cfg/system/conntrack/modules/sqlnet/node.def
new file mode 100644
index 0000000..a62048e
--- /dev/null
+++ b/templates-cfg/system/conntrack/modules/sqlnet/node.def
@@ -0,0 +1 @@
+help: SQLnet protocol connection tracking helper setting
-- cgit v1.2.3
From 507404a62bbab41de83c006a84476d1069aabf5c Mon Sep 17 00:00:00 2001
From: Gaurav Sinha
Date: Tue, 17 Apr 2012 13:29:32 -0700
Subject: remove SQLnet
---
templates-cfg/system/conntrack/modules/SQLnet/enable/node.def | 11 -----------
templates-cfg/system/conntrack/modules/SQLnet/node.def | 1 -
2 files changed, 12 deletions(-)
delete mode 100644 templates-cfg/system/conntrack/modules/SQLnet/enable/node.def
delete mode 100644 templates-cfg/system/conntrack/modules/SQLnet/node.def
diff --git a/templates-cfg/system/conntrack/modules/SQLnet/enable/node.def b/templates-cfg/system/conntrack/modules/SQLnet/enable/node.def
deleted file mode 100644
index 630d728..0000000
--- a/templates-cfg/system/conntrack/modules/SQLnet/enable/node.def
+++ /dev/null
@@ -1,11 +0,0 @@ -help: enable SQLnet protocol helper - -create:expression: "touch /tmp/vyatta-conntrack-sync" - -end: if [ ${COMMIT_ACTION} = 'DELETE' ]; then - echo "sudo iptables -D VYATTA_CT_HELPER -t raw -p tcp --dport 1521 -j CT --helper sqlnet" - echo "sudo iptables -D VYATTA_CT_HELPER -t raw -p tcp --dport 1525 -j CT --helper sqlnet" - else - echo "sudo iptables -I VYATTA_CT_HELPER -t raw -p tcp --dport 1521 -j CT --helper sqlnet" - echo "sudo iptables -I VYATTA_CT_HELPER -t raw -p tcp --dport 1525 -j CT --helper sqlnet" - fi; diff --git a/templates-cfg/system/conntrack/modules/SQLnet/node.def b/templates-cfg/system/conntrack/modules/SQLnet/node.def deleted file mode 100644 index 42da24b..0000000 --- a/templates-cfg/system/conntrack/modules/SQLnet/node.def +++ /dev/null @@ -1 +0,0 @@ -help: enable SQLnet helper -- cgit v1.2.3 From 1beb14e6dfb50c41b5b612b6696ab68e237d7ed3 Mon Sep 17 00:00:00 2001 From: Gaurav Sinha Date: Mon, 14 May 2012 13:21:09 -0700 Subject: change default behavior, added vyatta-cthelper.pl --- Makefile.am | 1 + lib/Vyatta/Conntrack/ConntrackUtil.pm | 22 +++++++++++++++++++++- templates-cfg/system/conntrack/node.def | 7 +------ templates-cfg/system/conntrack/table-size/node.def | 2 +- 4 files changed, 24 insertions(+), 8 deletions(-) diff --git a/Makefile.am b/Makefile.am index 39a08b2..26b6b1f 100644 --- a/Makefile.am +++ b/Makefile.am @@ -23,6 +23,7 @@ bin_sudo_usersdir = $(bindir)/sudo-users bin_sudo_users_SCRIPTS = scripts/vyatta-show-conntrack.pl bin_sudo_users_SCRIPTS += scripts/vyatta-delete-conntrack.pl bin_sudo_users_SCRIPTS += scripts/vyatta-conntrack-timeouts.pl +bin_sudo_users_SCRIPTS += scripts/vyatta-cthelper.pl curver_DATA = cfg-version/conntrack@1 diff --git a/lib/Vyatta/Conntrack/ConntrackUtil.pm b/lib/Vyatta/Conntrack/ConntrackUtil.pm index 8f529c2..c256bd6 100644 --- a/lib/Vyatta/Conntrack/ConntrackUtil.pm +++ b/lib/Vyatta/Conntrack/ConntrackUtil.pm 
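Review bot: `bin_sudo_users_SCRIPTS += scripts/vyatta-cthelper.pl` names a script that this commit does not add: its diffstat lists only Makefile.am, ConntrackUtil.pm and two node.def files, and the script arrives in the following commit. A build or install from this revision would presumably fail on the missing file, so the Makefile line belongs in the commit that creates the script. The target directory is `sudo-users`, which by its name holds scripts that operators run through sudo, so the new script's option handling should be reviewed as privileged code.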
@@ -24,8 +24,9 @@ # package Vyatta::Conntrack::ConntrackUtil; +use Vyatta::IpTables::Mgr; use base qw(Exporter); -our @EXPORT = qw(check_for_conntrack_hooks); +our @EXPORT = qw(check_for_conntrack_hooks, check_and_add_helpers); #function to find if connection tracking is enabled. #looks in the iptables to see if any of the features introduced @@ -48,4 +49,23 @@ sub check_for_conntrack_hooks { } } 1; + +sub +check_ct_helper_rules { + my $index; + my $cthelper_chain = "VYATTA_CT_HELPER"; + foreach my $label ('PREROUTING', 'OUTPUT') { + $index = ipt_find_chain_rule($iptables_cmd, 'raw', $label, $cthelper_chain); + if (!defined($index)) { + # add VYATTA_CT_HELPER to PREROUTING / OUTPUT + print "hook not present\n"; + } + } +} + +sub check_and_add_helpers { + if (check_for_conntrack_hooks()) { + check_ct_helper_rules(); + } +} # end of file diff --git a/templates-cfg/system/conntrack/node.def b/templates-cfg/system/conntrack/node.def index 2ac9101..211c963 100644 --- a/templates-cfg/system/conntrack/node.def +++ b/templates-cfg/system/conntrack/node.def @@ -2,11 +2,6 @@ help: Connection tracking engine options priority: 218 # before NAT and conntrack-sync are configured -end:expression: "if [ -f \"/tmp/vyatta-conntrack-sync\" ]; then \ - sudo /opt/vyatta/sbin/vyatta-conntrack-sync.pl --action=enable; \ - sudo rm \"/tmp/vyatta-conntrack-sync\"; \ - fi" - delete: # set conntrack table size to standard 16384 entries if conntrack settings are removed sudo sysctl -q -w net/nf_conntrack_max=16384 @@ -25,5 +20,5 @@ delete: # set conntrack table size to standard 16384 entries if conntrack settin # need to restart conntrackd with updated conntrack table size if cli-shell-api existsActive service conntrack-sync; then - touch /tmp/vyatta-conntrack-sync + sudo /opt/vyatta/sbin/vyatta-conntrack-sync.pl --action=enable fi diff --git a/templates-cfg/system/conntrack/table-size/node.def b/templates-cfg/system/conntrack/table-size/node.def index 74cf58a..6b1decf 100644 
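Review bot: `qw()` takes no commas, so `our @EXPORT = qw(check_for_conntrack_hooks, check_and_add_helpers);` puts a name that literally ends in a comma into the export list, and the real `check_for_conntrack_hooks` is no longer exported to the scripts that already call it. The line should read `our @EXPORT = qw(check_for_conntrack_hooks check_and_add_helpers);`. Perl reports this as "Possible attempt to separate words with commas" when warnings are enabled, which is worth turning on in this module if it is not already.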
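Review bot: `check_ct_helper_rules` passes `$iptables_cmd` to `ipt_find_chain_rule`, but no declaration of that variable is visible in this hunk, so unless it exists at file scope outside the shown lines the call receives undef and the module would not compile under `use strict`. A local `my $iptables_cmd = 'iptables';` at the top of the sub fixes that. The missing-hook branch only prints `hook not present` although its comment says the chain should be added to PREROUTING / OUTPUT, and both new subs are placed after the module's `1;`. Moving `1;` to the end of the file and marking the stub with a `# TODO` comment would make the unfinished state explicit.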
--- a/templates-cfg/system/conntrack/table-size/node.def +++ b/templates-cfg/system/conntrack/table-size/node.def @@ -28,7 +28,7 @@ update: sudo sysctl -q -w net/nf_conntrack_max=$VAR(@) # need to restart conntrackd with updated conntrack table size if cli-shell-api existsActive service conntrack-sync; then - touch /tmp/vyatta-conntrack-sync + sudo /opt/vyatta/sbin/vyatta-conntrack-sync.pl --action=enable fi -- cgit v1.2.3 From 9c903ba22d8aae4ef42bbd989194e6bdf2780be1 Mon Sep 17 00:00:00 2001 From: Gaurav Sinha Date: Mon, 14 May 2012 13:53:31 -0700 Subject: add vyatta-cthelper.pl, disable nodes, add/remove functions for chain --- scripts/vyatta-cthelper.pl | 84 ++++++++++++++++++++++ .../system/conntrack/modules/nfs/disable/node.def | 7 ++ .../conntrack/modules/sqlnet/disable/node.def | 7 ++ 3 files changed, 98 insertions(+) create mode 100644 scripts/vyatta-cthelper.pl create mode 100644 templates-cfg/system/conntrack/modules/nfs/disable/node.def create mode 100644 templates-cfg/system/conntrack/modules/sqlnet/disable/node.def diff --git a/scripts/vyatta-cthelper.pl b/scripts/vyatta-cthelper.pl new file mode 100644 index 0000000..f038037 --- /dev/null +++ b/scripts/vyatta-cthelper.pl 
@@ -0,0 +1,84 @@
+#!/usr/bin/perl
+
+use lib "/opt/vyatta/share/perl5";
+use warnings;
+use strict;
+
+use Vyatta::Config;
+use Vyatta::Conntrack::ConntrackUtil;
+use Vyatta::IpTables::Mgr;
+use Getopt::Long;
+use Sys::Syslog qw(:standard :macros);
+
+
+#for future
+my %cmd_hash = ( 'ipv4' => 'iptables',
+ 'ipv6' => 'ip6tables');
+
+my $nfct = "sudo /opt/vyatta/sbin/nfct";
+my ($enable_sqlnet, $disable_sqlnet, $enable_nfs, $disable_nfs);
+my $CTERROR = "Conntrack error:";
+
+GetOptions('enable_sqlnet=s' => \$enable_sqlnet,
+ 'disable_sqlnet=s' => \$disable_sqlnet,
+ 'disable_nfs=s' => \$disable_nfs,
+ 'enable_nfs=s' => \$enable_nfs,
+);
+
+# subroutine to add helper rule to VYATTA_CT_HELPER chain.
+sub
+add_helper_to_chain {
+ my ($module) = @_;
+ my $iptables_cmd = $cmd_hash {'ipv4'};
+ if ($module eq 'sqlnet') {
+# run_cmd (" $iptables_cmd -I VYATTA_CT_HELPER -t raw -p tcp --dport 1521 -j CT --helper oracletns ");
+ print " $iptables_cmd -I VYATTA_CT_HELPER -t raw -p tcp --dport 1521 -j CT --helper oracletns \n";
+# run_cmd (" $iptables_cmd -I VYATTA_CT_HELPER -t raw -p tcp --dport 1525 -j CT --helper oracletns ");
+ print " $iptables_cmd -I VYATTA_CT_HELPER -t raw -p tcp --dport 1525 -j CT --helper oracletns \n";
+ } elsif ($module eq 'nfs') {
+ print " $iptables_cmd -I VYATTA_CT_HELPER -t raw -p tcp --dport 111 -j CT --helper nfs \n";
+# run_cmd (" $iptables_cmd -I VYATTA_CT_HELPER -t raw -p tcp --dport 111 -j CT --helper nfs ");
+ }
+}
+
+# subroutine to delete helper rule from VYATTA_CT_HELPER chain.
+sub
+delete_helper_from_chain {
+ my ($module) = @_;
+ my $iptables_cmd = $cmd_hash {'ipv4'};
+ if ($module eq 'sqlnet') {
+# run_cmd (" $iptables_cmd -D VYATTA_CT_HELPER -t raw -p tcp --dport 1521 -j CT --helper oracletns ");
+ print " $iptables_cmd -D VYATTA_CT_HELPER -t raw -p tcp --dport 1521 -j CT --helper oracletns \n";
+# run_cmd (" $iptables_cmd -D VYATTA_CT_HELPER -t raw -p tcp --dport 1525 -j CT --helper oracletns ");
+ print " $iptables_cmd -D VYATTA_CT_HELPER -t raw -p tcp --dport 1525 -j CT --helper oracletns \n";
+ } elsif ($module eq 'nfs') {
+ print " $iptables_cmd -D VYATTA_CT_HELPER -t raw -p tcp --dport 111 -j CT --helper nfs \n";
+# run_cmd (" $iptables_cmd -D VYATTA_CT_HELPER -t raw -p tcp --dport 111 -j CT --helper nfs ");
+ }
+}
+
+# should disable the required helper module
+sub disable_helper_module {
+ my ($module) = @_;
+
+ print "disable $module\n";
+ delete_helper_from_chain($module);
+}
+
+# should enable the required helper module
+sub enable_helper_module {
+ my ($module) = @_;
+
+ print "enable $module\n";
+ add_helper_to_chain($module);
+}
+
+if (defined $enable_sqlnet){
+ enable_helper_module("sqlnet");
+} elsif (defined $disable_sqlnet) {
+ disable_helper_module("sqlnet");
+} elsif (defined $enable_nfs) {
+ enable_helper_module("nfs");
+} elsif (defined $disable_nfs) {
+ disable_helper_module("nfs");
+}
diff --git a/templates-cfg/system/conntrack/modules/nfs/disable/node.def b/templates-cfg/system/conntrack/modules/nfs/disable/node.def
new file mode 100644
index 0000000..90f9103
--- /dev/null
+++ b/templates-cfg/system/conntrack/modules/nfs/disable/node.def
@@ -0,0 +1,7 @@
+help: disable NFS protocol connection tracking helper
+
+end: if [ ${COMMIT_ACTION} = 'DELETE' ]; then
+ sudo /opt/vyatta/bin/sudo-users/vyatta-cthelper.pl --enable_nfs=nfs
+ else
+ sudo /opt/vyatta/bin/sudo-users/vyatta-cthelper.pl --disable_nfs=nfs
+ fi;
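Review bot: Every `run_cmd` call in `add_helper_to_chain` and `delete_helper_from_chain` of the new scripts/vyatta-cthelper.pl is commented out and only the `print` lines remain, so the script prints `disable nfs` or `disable sqlnet`, exits 0, and leaves the `VYATTA_CT_HELPER` chain as it was. An operator who commits the new `disable` node would reasonably conclude the helper is off when nothing has changed; until the rules are applied the script should say so in its output or exit non-zero. The return value of `GetOptions` is also ignored, so a misspelled option ends in a silent success; `GetOptions(...) or die "$CTERROR invalid option\n";` and a final `else { die "$CTERROR no action given\n"; }` on the dispatch chain would catch that. The NFS rule matches TCP port 111 where the enable node earlier in this series used 2049, and the helper name changes from `sqlnet` to `oracletns`; a comment stating which values are intended would help the next reader.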
diff --git a/templates-cfg/system/conntrack/modules/sqlnet/disable/node.def b/templates-cfg/system/conntrack/modules/sqlnet/disable/node.def
new file mode 100644
index 0000000..aac316b
--- /dev/null
+++ b/templates-cfg/system/conntrack/modules/sqlnet/disable/node.def
@@ -0,0 +1,7 @@
+help: disable SQLnet protocol connection tracking helper
+
+end: if [ ${COMMIT_ACTION} = 'DELETE' ]; then
+ sudo /opt/vyatta/bin/sudo-users/vyatta-cthelper.pl --enable_sqlnet=sqlnet
+ else
+ sudo /opt/vyatta/bin/sudo-users/vyatta-cthelper.pl --disable_sqlnet=sqlnet
+ fi;
-- cgit v1.2.3
From 3d0f8a19a4a58b5b93cdde90ef963f0708c73063 Mon Sep 17 00:00:00 2001
From: Gaurav Sinha
Date: Mon, 14 May 2012 14:00:57 -0700
Subject: delete enable config node
---
templates-cfg/system/conntrack/modules/nfs/enable/node.def | 9 ---------
templates-cfg/system/conntrack/modules/sqlnet/enable/node.def | 11 -----------
2 files changed, 20 deletions(-)
delete mode 100644 templates-cfg/system/conntrack/modules/nfs/enable/node.def
delete mode 100644 templates-cfg/system/conntrack/modules/sqlnet/enable/node.def
diff --git a/templates-cfg/system/conntrack/modules/nfs/enable/node.def b/templates-cfg/system/conntrack/modules/nfs/enable/node.def
deleted file mode 100644
index 3d07321..0000000
--- a/templates-cfg/system/conntrack/modules/nfs/enable/node.def
+++ /dev/null
@@ -1,9 +0,0 @@
-help: enable NFS protocol connection tracking helper
-
-create:expression: "touch /tmp/vyatta-conntrack-sync"
-
-end: if [ ${COMMIT_ACTION} = 'DELETE' ]; then
- echo "sudo iptables -D VYATTA_CT_HELPER -t raw -p tcp --dport 2049 -j CT --helper nfs"
- else
- echo "sudo iptables -I VYATTA_CT_HELPER -t raw -p tcp --dport 2049 -j CT --helper nfs"
- fi;
diff --git a/templates-cfg/system/conntrack/modules/sqlnet/enable/node.def b/templates-cfg/system/conntrack/modules/sqlnet/enable/node.def
deleted file mode 100644
index 74186d6..0000000
--- a/templates-cfg/system/conntrack/modules/sqlnet/enable/node.def
+++ /dev/null
@@ -1,11 +0,0 @@
-help: enable SQLnet protocol connection tracking helper
-
-create:expression: "touch /tmp/vyatta-conntrack-sync"
-
-end: if [ ${COMMIT_ACTION} = 'DELETE' ]; then
- echo "sudo iptables -D VYATTA_CT_HELPER -t raw -p tcp --dport 1521 -j CT --helper sqlnet"
- echo "sudo iptables -D VYATTA_CT_HELPER -t raw -p tcp --dport 1525 -j CT --helper sqlnet"
- else
- echo "sudo iptables -I VYATTA_CT_HELPER -t raw -p tcp --dport 1521 -j CT --helper sqlnet"
- echo "sudo iptables -I VYATTA_CT_HELPER -t raw -p tcp --dport 1525 -j CT --helper sqlnet"
- fi;
-- cgit v1.2.3