authorDaniil Baturin <daniil.baturin@vyatta.com>2011-10-11 14:31:14 +0700
committerDaniil Baturin <daniil.baturin@vyatta.com>2011-10-11 14:31:14 +0700
commitbab1a5b99f235d4982df3a8fd8c1deedfe5c928c (patch)
treef0b67fc8a0f8b18446bcf49e12167202757ddfe5 /scripts
parent95e6c54dc0a523bc4221191a7795e5eb19711028 (diff)
downloadvyatta-nat-bab1a5b99f235d4982df3a8fd8c1deedfe5c928c.tar.gz
vyatta-nat-bab1a5b99f235d4982df3a8fd8c1deedfe5c928c.zip
Bug 5682: Remove old vyatta-update-nat.pl script, now split into
source and destination parts
Diffstat (limited to 'scripts')
-rwxr-xr-xscripts/vyatta-update-nat.pl188
1 files changed, 0 insertions, 188 deletions
diff --git a/scripts/vyatta-update-nat.pl b/scripts/vyatta-update-nat.pl
deleted file mode 100755
index 63c17dc..0000000
--- a/scripts/vyatta-update-nat.pl
+++ /dev/null
@@ -1,188 +0,0 @@
-#!/usr/bin/perl
-#
-# Module: vyatta-update-nat.pl
-#
-# **** License ****
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License version 2 as
-# published by the Free Software Foundation.
-#
-# This program is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-# General Public License for more details.
-#
-# This code was originally developed by Vyatta, Inc.
-# Portions created by Vyatta are Copyright (C) 2009 Vyatta, Inc.
-# All Rights Reserved.
-#
-# Author: eng@vyatta.com
-# Date: 2009
-# Description: Script to update iptables NAT rules
-#
-# **** End License ****
-#
-
-use strict;
-use lib "/opt/vyatta/share/perl5/";
-use Vyatta::Config;
-use Vyatta::NatRule;
-use Vyatta::IpTables::Mgr;
-
-my $CONFIG_LEVEL = "nat";
-my $IPTABLES = "/sbin/iptables";
-
-sub numerically { $a <=> $b; }
-
-sub raw_cleanup {
- # remove the conntrack setup.
- ipt_disable_conntrack('iptables', 'NAT_CONNTRACK');
-}
-
-my $config = new Vyatta::Config;
-$config->setLevel($CONFIG_LEVEL." rule");
-my %rules = $config->listNodeStatus();
-my $rule;
-my $debug = 0;
-if ($debug) {
- open(OUT, ">>/tmp/nat") or exit 1;
-} else {
- open(OUT, ">>/dev/null") or exit 1;
-}
-my %ipt_rulenum = (
- source => 2,
- destination => 2,
- );
-my %chain_name = (
- source => "POSTROUTING",
- destination => "PREROUTING",
- );
-print OUT "========= nat list =========\n";
-my @rule_keys = sort numerically keys %rules;
-if ($#rule_keys < 0) {
- raw_cleanup();
- exit 0;
-}
-
-## it seems that "multiport" does not like port range (p1:p2) if nobody has
-## touched the nat table yet after reboot!?
-system("$IPTABLES -t nat -L -n >& /dev/null");
-
-# we have some nat rule(s). make sure conntrack is enabled.
-ipt_enable_conntrack('iptables', 'NAT_CONNTRACK');
-
-my $all_deleted = 1;
-for $rule (@rule_keys) {
- print OUT "$rule: $rules{$rule}\n";
- my $tmp = `iptables -L -nv --line -t nat`;
- print OUT "iptables before:\n$tmp\n";
- my $nrule = new Vyatta::NatRule;
- $nrule->setup($CONFIG_LEVEL." rule $rule");
- my $otype = $nrule->orig_type();
- my $ntype = $nrule->new_type();
- if ((defined($otype) && $otype ne "source" && $otype ne "destination")
- || (defined($ntype) && $ntype ne "source" && $ntype ne "destination")) {
- exit 2;
- }
-
- if ($rules{$rule} ne "deleted") {
- $all_deleted = 0;
- }
-
- my $cmd;
- if ($rules{$rule} eq "static") {
- # $otype and $ntype should be the same
- if (!defined($ntype)) {
- exit 3;
- }
- my $ipt_rules = $nrule->get_num_ipt_rules();
- $ipt_rulenum{$ntype} += $ipt_rules;
- next;
- } elsif ($rules{$rule} eq "deleted") {
- # $ntype should be empty
- if (!defined($otype)) {
- exit 4;
- }
- my $orule = new Vyatta::NatRule;
- $orule->setupOrig($CONFIG_LEVEL." rule $rule");
- my $ipt_rules = $orule->get_num_ipt_rules();
- for (1 .. $ipt_rules) {
- $cmd = "$IPTABLES -t nat -D $chain_name{$otype} $ipt_rulenum{$otype}";
- print OUT "$cmd\n";
- if (system($cmd)) {
- exit 1;
- }
- }
- next;
- }
-
- my ($err, @rule_strs) = $nrule->rule_str();
- if (defined $err) {
- # rule check failed => return error
- print OUT "NAT configuration error: $err\n";
- print STDERR "NAT configuration error: $err\n";
- exit 5;
- }
-
- if ($rules{$rule} eq "added") {
- # $otype should be empty
- if (!defined($ntype)) {
- exit 6;
- }
- foreach my $rule_str (@rule_strs) {
- next if !defined $rule_str;
- $cmd = "$IPTABLES -t nat -I $chain_name{$ntype} $ipt_rulenum{$ntype} " .
- "$rule_str";
- print OUT "$cmd\n";
- if (system($cmd)) {
- exit 1;
- }
- $ipt_rulenum{$ntype}++;
- }
-
- } elsif ($rules{$rule} eq "changed") {
- # $otype and $ntype may not be the same
- if (!defined($otype) || !defined($ntype)) {
- exit 7;
- }
-
- # delete the old rule(s)
- my $orule = new Vyatta::NatRule;
- $orule->setupOrig($CONFIG_LEVEL." rule $rule");
- my $ipt_rules = $orule->get_num_ipt_rules();
- my $idx = $ipt_rulenum{$otype};
- for (1 .. $ipt_rules) {
- $cmd = "$IPTABLES -t nat -D $chain_name{$otype} $idx";
- print OUT "$cmd\n";
- if (system($cmd)) {
- exit 1;
- }
- }
-
- # add the new rule(s)
- foreach my $rule_str (@rule_strs) {
- next if !defined $rule_str;
- $cmd = "$IPTABLES -t nat -I $chain_name{$ntype} $ipt_rulenum{$ntype} " .
- "$rule_str";
- print OUT "$cmd\n";
- if (system($cmd)) {
- exit 1;
- }
- $ipt_rulenum{$ntype}++;
- }
-
- }
-}
-
-if ($all_deleted) {
- raw_cleanup();
-}
-
-close OUT;
-exit 0;
-
-# Local Variables:
-# mode: perl
-# indent-tabs-mode: nil
-# perl-indent-level: 2
-# End: