diff options
| author | Stig Thormodsrud <stig@vyatta.com> | 2010-03-05 11:42:11 -0800 |
|---|---|---|
| committer | Stig Thormodsrud <stig@vyatta.com> | 2010-03-10 16:45:07 -0800 |
| commit | d1ac5f969ba98e134c1811dbc4992fb230a3e68f (patch) | |
| tree | 41a16b557af0d304262508f2e0359068558654c1 | |
| parent | a248a5cabeccd8faafe2c1f346fa2ae8d7010a30 (diff) | |
| download | vyatta-nat-d1ac5f969ba98e134c1811dbc4992fb230a3e68f.tar.gz vyatta-nat-d1ac5f969ba98e134c1811dbc4992fb230a3e68f.zip | |
Fix nat conntrack teardown.
| -rwxr-xr-x | scripts/vyatta-update-nat.pl | 23 |
1 files changed, 12 insertions, 11 deletions
diff --git a/scripts/vyatta-update-nat.pl b/scripts/vyatta-update-nat.pl index bbbd4ff..9669ebe 100755 --- a/scripts/vyatta-update-nat.pl +++ b/scripts/vyatta-update-nat.pl @@ -9,19 +9,20 @@ sub numerically { $a <=> $b; } sub raw_cleanup { # remove the conntrack setup. - my @lines - = `iptables -t raw -L PREROUTING -vn --line-numbers | egrep ^[0-9]`; - foreach (@lines) { - my ($num, $ignore, $ignore, $chain, $ignore, $ignore, $in, $out, - $ignore, $ignore) = split /\s+/; - if ($chain eq "NAT_CONNTRACK") { - system("iptables -t raw -D PREROUTING $num"); - system("iptables -t raw -D OUTPUT $num"); - system("iptables -t raw -F NAT_CONNTRACK"); - system("iptables -t raw -X NAT_CONNTRACK"); - last; + my @lines; + foreach my $label ('PREROUTING', 'OUTPUT') { + @lines = `iptables -t raw -L $label -vn --line-numbers | egrep ^[0-9]`; + foreach (@lines) { + my ($num, $ignore, $ignore, $chain, $ignore, $ignore, $in, $out, + $ignore, $ignore) = split /\s+/; + if ($chain eq "NAT_CONNTRACK") { + system("iptables -t raw -D $label $num"); + last; + } } } + system("iptables -t raw -F NAT_CONNTRACK"); + system("iptables -t raw -X NAT_CONNTRACK"); } my $config = new Vyatta::Config; |