From 5d5445e1b1851e7e0a150ad53e7286f98b20b039 Mon Sep 17 00:00:00 2001
From: Alex Harpin
Date: Sun, 19 Jul 2015 10:14:44 +0100
Subject: Revert "vyatta-nat: check nat rules for errors before processing them for real"
This reverts commit 5f05bdd480f0de2be2d87934b9b53dab09ead9ea.
---
 scripts/vyatta-update-dst-nat.pl | 23 ++++++-----------------
 scripts/vyatta-update-src-nat.pl | 23 ++++++-----------------
 2 files changed, 12 insertions(+), 34 deletions(-)
(limited to 'scripts')
diff --git a/scripts/vyatta-update-dst-nat.pl b/scripts/vyatta-update-dst-nat.pl
index 7cf49a2..6543f17 100755
--- a/scripts/vyatta-update-dst-nat.pl
+++ b/scripts/vyatta-update-dst-nat.pl
@@ -81,23 +81,6 @@ system("$IPTABLES -t nat -L -n >& /dev/null");
 # we have some nat rule(s). make sure conntrack is enabled.
 ipt_enable_conntrack('iptables', 'NAT_CONNTRACK');
-for $rule (@rule_keys) {
- my $rule_test = new Vyatta::DstNatRule;
- $rule_test->setup($CONFIG_LEVEL." rule $rule");
-
- if (($rules{$rule} eq "static") || ($rules{$rule} eq "deleted")) {
- next;
- } else {
- my ($err, @rule_strs) = $rule_test->rule_str();
- if (defined $err) {
- # rule check failed => return error
- print OUT "Destination NAT configuration error in rule $rule: $err\n";
- print STDERR "Destination NAT configuration error in rule $rule: $err\n";
- exit 5;
- }
- }
-}
-
 for $rule (@rule_keys) {
 print OUT "$rule: $rules{$rule}\n";
 my $tmp = `iptables -L -nv --line -t nat`;
@@ -129,6 +112,12 @@ for $rule (@rule_keys) {
 }
 my ($err, @rule_strs) = $nrule->rule_str();
+ if (defined $err) {
+ # rule check failed => return error
+ print OUT "Destination NAT configuration error in rule $rule: $err\n";
+ print STDERR "Destination NAT configuration error in rule $rule: $err\n";
+ exit 5;
+ }
 if ($rules{$rule} eq "added") {
 foreach my $rule_str (@rule_strs) {
diff --git a/scripts/vyatta-update-src-nat.pl b/scripts/vyatta-update-src-nat.pl
index 20f9887..b908cc1 100755
--- a/scripts/vyatta-update-src-nat.pl
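Review bot: The restored `if (defined $err) { ... exit 5; }` after `$nrule->rule_str()` runs inside the loop that processes rules one by one, so a rule that fails validation stops the script after any earlier entries in `@rule_keys` have presumably already been applied (the loop body between the two hunks is not visible here). On a router that can leave the nat table only partly matching the committed configuration. The up-front check loop removed in the first hunk guarded against exactly that, so a comment above the check such as `# NOTE: earlier rules in this pass are already applied; exiting here leaves a partial nat table` should record the trade-off. The second hunk of scripts/vyatta-update-src-nat.pl has the same issue.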
+++ b/scripts/vyatta-update-src-nat.pl
@@ -81,23 +81,6 @@ system("$IPTABLES -t nat -L -n >& /dev/null");
 # we have some nat rule(s). make sure conntrack is enabled.
 ipt_enable_conntrack('iptables', 'NAT_CONNTRACK');
-for $rule (@rule_keys) {
- my $rule_test = new Vyatta::DstNatRule;
- $rule_test->setup($CONFIG_LEVEL." rule $rule");
-
- if (($rules{$rule} eq "static") || ($rules{$rule} eq "deleted")) {
- next;
- } else {
- my ($err, @rule_strs) = $rule_test->rule_str();
- if (defined $err) {
- # rule check failed => return error
- print OUT "Destination NAT configuration error in rule $rule: $err\n";
- print STDERR "Destination NAT configuration error in rule $rule: $err\n";
- exit 5;
- }
- }
-}
-
 for $rule (@rule_keys) {
 print OUT "$rule: $rules{$rule}\n";
 my $tmp = `iptables -L -nv --line -t nat`;
@@ -129,6 +112,12 @@ for $rule (@rule_keys) {
 }
 my ($err, @rule_strs) = $nrule->rule_str();
+ if (defined $err) {
+ # rule check failed => return error
+ print OUT "Source NAT configuration error in rule $rule: $err\n";
+ print STDERR "Source NAT configuration error in rule $rule: $err\n";
+ exit 5;
+ }
 if ($rules{$rule} eq "added") {
 foreach my $rule_str (@rule_strs) {
--
cgit v1.2.3
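Review bot: The commit message does not say why the pre-check is being reverted, and this file suggests a reason worth recording: the loop removed in the first hunk built `new Vyatta::DstNatRule` and printed "Destination NAT configuration error" inside the source NAT script, which looks like a copy-paste from the dst-nat script. If validation-before-apply is reinstated later, it should construct the same rule class that `$nrule` uses in this file and reuse the "Source NAT configuration error" wording of the check added in the second hunk. A one-line comment next to that check, e.g. `# validated per rule during apply; no separate pre-check pass`, would keep the next reader from re-adding the faulty loop.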