author | Mohit Mehta <mohit.mehta@vyatta.com> | 2010-02-03 16:35:29 -0800 |
---|---|---|
committer | Mohit Mehta <mohit.mehta@vyatta.com> | 2010-02-03 16:35:29 -0800 |
commit | cf6127d4091e50b3c7817e78947529ca599e6781 (patch) | |
tree | fab0daefd9fc9a7b5ed302bfb2b42a49811328d8 | |
parent | 19c6713d5d505cde98eee49031e7d7403bdad994 (diff) | |
download | vyatta-nat-cf6127d4091e50b3c7817e78947529ca599e6781.tar.gz vyatta-nat-cf6127d4091e50b3c7817e78947529ca599e6781.zip |
fix bug 4115 'clear nat translations' does not clear nat translations
* removed command 'clear nat translations'. connection tracking entries
can be flushed using 'clear connection-tracking' command
* use perl api to get currently active NAT rules
-rw-r--r-- | Makefile.am | 3 | ||||
-rwxr-xr-x | scripts/vyatta-clear-nat | 4 | ||||
-rwxr-xr-x | scripts/vyatta-clear-nat-counters.pl | 38 | ||||
-rw-r--r-- | templates-op/clear/nat/counters/node.def | 2 | ||||
-rw-r--r-- | templates-op/clear/nat/counters/rule/node.tag/node.def | 4 | ||||
-rw-r--r-- | templates-op/clear/nat/translations/node.def | 2 |
6 files changed, 36 insertions, 17 deletions
diff --git a/Makefile.am b/Makefile.am index af54b1f..02b0228 100644 --- a/Makefile.am +++ b/Makefile.am @@ -10,8 +10,7 @@ sbin_SCRIPTS += scripts/vyatta-show-nat.pl sbin_SCRIPTS += scripts/vyatta-show-nat-rules.pl sbin_SCRIPTS += scripts/vyatta-clear-nat-counters.pl -bin_sudo_users_SCRIPTS = scripts/vyatta-clear-nat -bin_sudo_users_SCRIPTS += scripts/vyatta-nat-translations.pl +bin_sudo_users_SCRIPTS = scripts/vyatta-nat-translations.pl share_perl5_DATA = lib/Vyatta/NatRule.pm curver_DATA = cfg-version/nat@3 diff --git a/scripts/vyatta-clear-nat b/scripts/vyatta-clear-nat deleted file mode 100755 index ffa021d..0000000 --- a/scripts/vyatta-clear-nat +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/sh - -iptables-save -t nat | iptables-restore - diff --git a/scripts/vyatta-clear-nat-counters.pl b/scripts/vyatta-clear-nat-counters.pl index 53a0be3..90aea55 100755 --- a/scripts/vyatta-clear-nat-counters.pl +++ b/scripts/vyatta-clear-nat-counters.pl @@ -35,6 +35,22 @@ my %chain_hash = ( 'source' => 'POSTROUTING', 'destination' => 'PREROUTING', 'masquerade' => 'POSTROUTING'); +sub numerically { $a <=> $b; } + +sub get_nat_rules { + my $config = new Vyatta::Config; + $config->setLevel("service nat rule"); + my @rules = sort numerically $config->listOrigNodes(); + return @rules; +} + +sub print_nat_rules { + my @rules = get_nat_rules(); + my $rule_string = join(" ",@rules); + print $rule_string; + return; +} + sub clear_rule { my $clirule = shift; my $error = undef; 
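Review bot: The new helpers in the `@@ -35,6 +35,22 @@` hunk of scripts/vyatta-clear-nat-counters.pl carry no comments, and `new Vyatta::Config` uses indirect object syntax, which Perl can misparse; `my $config = Vyatta::Config->new();` is the unambiguous form. A one-line comment above `get_nat_rules`, such as `# Returns the node names under "service nat rule" from listOrigNodes(), sorted numerically.`, would document the contract that `clear_rule` and the `allowed:` template now rely on. `sort numerically` assumes every node name is numeric; a non-numeric name would compare as 0 and warn if warnings are enabled, which is not visible in this hunk.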
@@ -45,15 +61,20 @@ sub clear_rule { return "error clearing NAT rule counters" if $error; } else { # clear counters for a specific NAT rule - my $config = new Vyatta::Config; - $config->setLevel("service nat rule"); - my @rules = $config->listOrigNodes(); + my @rules = get_nat_rules(); # validate that it's a legit CLI rule if (!((scalar(grep(/^$clirule$/, @rules)) > 0))) { return "Invalid NAT rule number \"$clirule\""; } + my $config = new Vyatta::Config; + $config->setLevel("service nat rule"); + + # make sure rule is enabled + my $is_rule_disabled = $config->existsOrig("$clirule disable"); + return "NAT rule $clirule is disabled" if defined $is_rule_disabled; + # determine rule type my $rule_type = $config->returnOrigValue("$clirule type"); @@ -77,14 +98,19 @@ sub clear_rule { # main # -my ($clirulenum); -GetOptions("clirule=s" => \$clirulenum); +my ($action, $clirulenum); + +GetOptions( "action=s" => \$action, + "clirule=s" => \$clirulenum); +die "undefined action" if ! defined $action; die "undefined rule number" if ! defined $clirulenum; my ($error, $warning); -($error, $warning) = clear_rule($clirulenum); +($error, $warning) = clear_rule($clirulenum) if $action eq 'clear-counters'; + +($error, $warning) = print_nat_rules() if $action eq 'print-nat-rules'; if (defined $warning) { print "$warning\n"; diff --git a/templates-op/clear/nat/counters/node.def b/templates-op/clear/nat/counters/node.def index 3327eda..12a37df 100644 --- a/templates-op/clear/nat/counters/node.def +++ b/templates-op/clear/nat/counters/node.def @@ -1,2 +1,2 @@ help: Clear NAT counters -run: /opt/vyatta/sbin/vyatta-clear-nat-counters.pl --clirule=all +run: /opt/vyatta/sbin/vyatta-clear-nat-counters.pl --action=clear-counters --clirule=all diff --git a/templates-op/clear/nat/counters/rule/node.tag/node.def b/templates-op/clear/nat/counters/rule/node.tag/node.def index 2d1b4a9..b8a07fe 100644 --- a/templates-op/clear/nat/counters/rule/node.tag/node.def 
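Review bot: The rule-number check `grep(/^$clirule$/, @rules)` in the `@@ -45,15 +61,20 @@` hunk interpolates the `--clirule` value into a pattern without escaping, so it can accept strings that are not one of the listed rule numbers. Such a value then reaches the new `existsOrig("$clirule disable")` lookup and the existing `returnOrigValue("$clirule type")`. An exact comparison keeps the check literal: `if (!grep { $_ eq $clirule } @rules) {`. Separately, `return "NAT rule $clirule is disabled" if defined $is_rule_disabled;` tests definedness rather than truth; if `existsOrig` returns a defined false value for an absent node (its return convention is not visible here), every rule would be reported as disabled, so `if $is_rule_disabled` is the safer test. `clear_rule` starts and ends outside this hunk.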
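Review bot: In the `@@ -77,14 +98,19 @@` hunk an `--action` value other than `clear-counters` or `print-nat-rules` satisfies neither postfix condition, so the script appears to do nothing and report no error. A guard after the two `die` checks would surface a typo in a template: `die "unknown action \"$action\"" unless $action eq 'clear-counters' || $action eq 'print-nat-rules';`. The `die "undefined rule number"` check also still applies to `print-nat-rules`, which is why the `allowed:` template has to pass a placeholder `--clirule=all`; making it `die "undefined rule number" if $action eq 'clear-counters' && !defined $clirulenum;` would remove that coupling. The remainder of the main section lies outside the hunk.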
+++ b/templates-op/clear/nat/counters/rule/node.tag/node.def
@@ -1,3 +1,3 @@
 help: Clear counters for a specific NAT rule
-allowed: ls /opt/vyatta/config/active/service/nat/rule/ 2>/dev/null
-run: /opt/vyatta/sbin/vyatta-clear-nat-counters.pl --clirule="$5"
+allowed: /opt/vyatta/sbin/vyatta-clear-nat-counters.pl --action=print-nat-rules --clirule=all
+run: /opt/vyatta/sbin/vyatta-clear-nat-counters.pl --action=clear-counters --clirule="$5"
diff --git a/templates-op/clear/nat/translations/node.def b/templates-op/clear/nat/translations/node.def
deleted file mode 100644
index b096905..0000000
--- a/templates-op/clear/nat/translations/node.def
+++ /dev/null
@@ -1,2 +0,0 @@
-help: Clear NAT translations
-run: sudo ${vyatta_bindir}/sudo-users/vyatta-clear-nat |