From cc7d0c96369980eeda4c01fca1035dca4636243a Mon Sep 17 00:00:00 2001
From: Gaurav Sinha
Date: Tue, 17 Apr 2012 11:03:10 -0700
Subject: ensure single reload of conntrackd daemon
---
templates-cfg/system/conntrack/modules/SQLnet/enable/node.def | 8 ++++++++
templates-cfg/system/conntrack/modules/nfs/enable/node.def | 6 ++++++
templates-cfg/system/conntrack/modules/node.def | 6 ------
templates-cfg/system/conntrack/node.def | 7 ++++++-
templates-cfg/system/conntrack/table-size/node.def | 2 +-
5 files changed, 21 insertions(+), 8 deletions(-)
(limited to 'templates-cfg')
diff --git a/templates-cfg/system/conntrack/modules/SQLnet/enable/node.def b/templates-cfg/system/conntrack/modules/SQLnet/enable/node.def
index 1cbd130..630d728 100644
--- a/templates-cfg/system/conntrack/modules/SQLnet/enable/node.def
+++ b/templates-cfg/system/conntrack/modules/SQLnet/enable/node.def
@@ -1,3 +1,11 @@
 help: enable SQLnet protocol helper
 create:expression: "touch /tmp/vyatta-conntrack-sync"
+
+end: if [ ${COMMIT_ACTION} = 'DELETE' ]; then
+ echo "sudo iptables -D VYATTA_CT_HELPER -t raw -p tcp --dport 1521 -j CT --helper sqlnet"
+ echo "sudo iptables -D VYATTA_CT_HELPER -t raw -p tcp --dport 1525 -j CT --helper sqlnet"
+ else
+ echo "sudo iptables -I VYATTA_CT_HELPER -t raw -p tcp --dport 1521 -j CT --helper sqlnet"
+ echo "sudo iptables -I VYATTA_CT_HELPER -t raw -p tcp --dport 1525 -j CT --helper sqlnet"
+ fi;
diff --git a/templates-cfg/system/conntrack/modules/nfs/enable/node.def b/templates-cfg/system/conntrack/modules/nfs/enable/node.def
index b2a2694..130dd7f 100644
--- a/templates-cfg/system/conntrack/modules/nfs/enable/node.def
+++ b/templates-cfg/system/conntrack/modules/nfs/enable/node.def
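Review bot: Both branches of the new `end:` block in SQLnet/enable/node.def only `echo` the `sudo iptables ...` command line, so as written nothing visible here adds or removes the VYATTA_CT_HELPER rules for ports 1521 and 1525. If the rules are meant to take effect, drop the `echo "..."` wrapper; if this is a deliberate placeholder, say so in a comment such as `# TODO: helper rules are printed only, not applied yet`. The test `[ ${COMMIT_ACTION} = 'DELETE' ]` is unquoted and becomes a `[` syntax error when the variable is empty, which `[ "${COMMIT_ACTION}" = 'DELETE' ]` avoids. Because the `else` branch covers every non-DELETE action, switching to real `iptables -I` calls could insert duplicate rules on repeated commits; this is inferred, since the diff does not show when `end:` runs. The nfs/enable/node.def hunk for port 2049 has the same three issues.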
@@ -1,3 +1,9 @@
 help: enable nfs
 create:expression: "touch /tmp/vyatta-conntrack-sync"
+
+end: if [ ${COMMIT_ACTION} = 'DELETE' ]; then
+ echo "sudo iptables -D VYATTA_CT_HELPER -t raw -p tcp --dport 2049 -j CT --helper nfs"
+ else
+ echo "sudo iptables -I VYATTA_CT_HELPER -t raw -p tcp --dport 2049 -j CT --helper nfs"
+ fi;
diff --git a/templates-cfg/system/conntrack/modules/node.def b/templates-cfg/system/conntrack/modules/node.def
index c391511..25cba5d 100644
--- a/templates-cfg/system/conntrack/modules/node.def
+++ b/templates-cfg/system/conntrack/modules/node.def
@@ -1,7 +1 @@
 help: Connection tracking modules settings
-
-end:expression: "if [ -f \"/tmp/vyatta-conntrack-sync\" ]; then \
- sudo /opt/vyatta/sbin/vyatta-conntrack-sync.pl --action=enable; \
- sudo rm \"/tmp/vyatta-conntrack-sync\"; \
- fi"
-
diff --git a/templates-cfg/system/conntrack/node.def b/templates-cfg/system/conntrack/node.def
index 53488ae..2ac9101 100644
--- a/templates-cfg/system/conntrack/node.def
+++ b/templates-cfg/system/conntrack/node.def
@@ -2,6 +2,11 @@ help: Connection tracking engine options
 priority: 218 # before NAT and conntrack-sync are configured
+end:expression: "if [ -f \"/tmp/vyatta-conntrack-sync\" ]; then \
+ sudo /opt/vyatta/sbin/vyatta-conntrack-sync.pl --action=enable; \
+ sudo rm \"/tmp/vyatta-conntrack-sync\"; \
+ fi"
+
 delete: # set conntrack table size to standard 16384 entries if conntrack settings are removed
 sudo sysctl -q -w net/nf_conntrack_max=16384
@@ -20,5 +25,5 @@ delete: # set conntrack table size to standard 16384 entries if conntrack settin
 # need to restart conntrackd with updated conntrack table size
 if cli-shell-api existsActive service conntrack-sync; then
- sudo /opt/vyatta/sbin/vyatta-conntrack-sync.pl --action=enable
+ touch /tmp/vyatta-conntrack-sync
 fi
diff --git a/templates-cfg/system/conntrack/table-size/node.def b/templates-cfg/system/conntrack/table-size/node.def
index b44b563..74cf58a 100644
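Review bot: The reload in conntrack/node.def is now gated on `/tmp/vyatta-conntrack-sync`, a fixed name in a world-writable directory, and the added `end:expression` runs `sudo /opt/vyatta/sbin/vyatta-conntrack-sync.pl --action=enable` whenever that file exists. Any local account that can write to /tmp can therefore cause a conntrackd reload on the next commit. A marker pre-created by another user can also make the unprivileged `touch /tmp/vyatta-conntrack-sync` fail; that call is in the second hunk of this file and in table-size/node.def. Keeping the marker in a directory only the configuration system can write, for example `<config-owned-run-dir>/vyatta-conntrack-sync` (placeholder path), closes both cases. A short comment above the `end:expression`, such as `# marker is set by table-size, delete and modules/*/enable; reload conntrackd once per commit`, would document the contract between these templates.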
--- a/templates-cfg/system/conntrack/table-size/node.def
+++ b/templates-cfg/system/conntrack/table-size/node.def
@@ -28,7 +28,7 @@ update: sudo sysctl -q -w net/nf_conntrack_max=$VAR(@)
 # need to restart conntrackd with updated conntrack table size
 if cli-shell-api existsActive service conntrack-sync; then
- sudo /opt/vyatta/sbin/vyatta-conntrack-sync.pl --action=enable
+ touch /tmp/vyatta-conntrack-sync
 fi
-- 
cgit v1.2.3