From 7d93877527420cb0f878fa32b39273748fae7498 Mon Sep 17 00:00:00 2001
From: Gaurav Sinha <gaurav.sinha@vyatta.com>
Date: Wed, 29 Aug 2012 16:30:02 -0700
Subject: Fix 8308, use C version of vyatta-validate-type, also fixing handling
 negation as per iptables in script

---
 lib/Vyatta/Conntrack/RuleIgnore.pm | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'lib/Vyatta')

diff --git a/lib/Vyatta/Conntrack/RuleIgnore.pm b/lib/Vyatta/Conntrack/RuleIgnore.pm
index 9b9abe1..9127fa2 100644
--- a/lib/Vyatta/Conntrack/RuleIgnore.pm
+++ b/lib/Vyatta/Conntrack/RuleIgnore.pm
@@ -42,7 +42,12 @@ sub rule {
         exit 1;
   }
   if (defined($self->{_protocol})) {
-    $rule .= " -p $self->{_protocol}";
+    if ($self->{_protocol} =~ m/^!/) {
+      my $protocol = substr($self->{_protocol}, 1);
+      $rule .= " ! -p  $protocol";
+    } else {
+      $rule .= " -p $self->{_protocol}";
+    }
   }
   $rule .= " $srcrule $dstrule ";
   return $rule;
-- 
cgit v1.2.3