diff options
| author | Stig Thormodsrud <stig@vyatta.com> | 2010-03-05 11:42:11 -0800 |
|---|---|---|
| committer | Stig Thormodsrud <stig@vyatta.com> | 2010-03-05 11:42:11 -0800 |
| commit | d1db91f61ff6dac2edd55df5b2bb383c470df8b5 (patch) | |
| tree | f9e55c4e3534cfb9d653884dd283fe747d581e79 | |
| parent | 5a75f0615934a1c15bee3a04acfa8112cbb03819 (diff) | |
| download | vyatta-nat-d1db91f61ff6dac2edd55df5b2bb383c470df8b5.tar.gz vyatta-nat-d1db91f61ff6dac2edd55df5b2bb383c470df8b5.zip | |
Fix nat conntrack teardown.
| -rwxr-xr-x | scripts/vyatta-update-nat.pl | 23 |
1 files changed, 12 insertions, 11 deletions
diff --git a/scripts/vyatta-update-nat.pl b/scripts/vyatta-update-nat.pl index bbbd4ff..9669ebe 100755 --- a/scripts/vyatta-update-nat.pl +++ b/scripts/vyatta-update-nat.pl @@ -9,19 +9,20 @@ sub numerically { $a <=> $b; } sub raw_cleanup { # remove the conntrack setup. - my @lines - = `iptables -t raw -L PREROUTING -vn --line-numbers | egrep ^[0-9]`; - foreach (@lines) { - my ($num, $ignore, $ignore, $chain, $ignore, $ignore, $in, $out, - $ignore, $ignore) = split /\s+/; - if ($chain eq "NAT_CONNTRACK") { - system("iptables -t raw -D PREROUTING $num"); - system("iptables -t raw -D OUTPUT $num"); - system("iptables -t raw -F NAT_CONNTRACK"); - system("iptables -t raw -X NAT_CONNTRACK"); - last; + my @lines; + foreach my $label ('PREROUTING', 'OUTPUT') { + @lines = `iptables -t raw -L $label -vn --line-numbers | egrep ^[0-9]`; + foreach (@lines) { + my ($num, $ignore, $ignore, $chain, $ignore, $ignore, $in, $out, + $ignore, $ignore) = split /\s+/; + if ($chain eq "NAT_CONNTRACK") { + system("iptables -t raw -D $label $num"); + last; + } } } + system("iptables -t raw -F NAT_CONNTRACK"); + system("iptables -t raw -X NAT_CONNTRACK"); } my $config = new Vyatta::Config; |