From d1db91f61ff6dac2edd55df5b2bb383c470df8b5 Mon Sep 17 00:00:00 2001
From: Stig Thormodsrud
Date: Fri, 5 Mar 2010 11:42:11 -0800
Subject: Fix nat conntrack teardown.
---
 scripts/vyatta-update-nat.pl | 23 ++++++++++++-----------
 1 file changed, 12 insertions(+), 11 deletions(-)
(limited to 'scripts')
diff --git a/scripts/vyatta-update-nat.pl b/scripts/vyatta-update-nat.pl
index bbbd4ff..9669ebe 100755
--- a/scripts/vyatta-update-nat.pl
+++ b/scripts/vyatta-update-nat.pl
@@ -9,19 +9,20 @@ sub numerically { $a <=> $b; } sub raw_cleanup { # remove the conntrack setup.
- my @lines
- = `iptables -t raw -L PREROUTING -vn --line-numbers | egrep ^[0-9]`;
- foreach (@lines) {
- my ($num, $ignore, $ignore, $chain, $ignore, $ignore, $in, $out,
- $ignore, $ignore) = split /\s+/;
- if ($chain eq "NAT_CONNTRACK") {
- system("iptables -t raw -D PREROUTING $num");
- system("iptables -t raw -D OUTPUT $num");
- system("iptables -t raw -F NAT_CONNTRACK");
- system("iptables -t raw -X NAT_CONNTRACK");
- last;
+ my @lines;
+ foreach my $label ('PREROUTING', 'OUTPUT') {
+ @lines = `iptables -t raw -L $label -vn --line-numbers | egrep ^[0-9]`;
+ foreach (@lines) {
+ my ($num, $ignore, $ignore, $chain, $ignore, $ignore, $in, $out,
+ $ignore, $ignore) = split /\s+/;
+ if ($chain eq "NAT_CONNTRACK") {
+ system("iptables -t raw -D $label $num");
+ last;
+ }
 }
 }
+ system("iptables -t raw -F NAT_CONNTRACK");
+ system("iptables -t raw -X NAT_CONNTRACK");
 }
 my $config = new Vyatta::Config;
-- cgit v1.2.3
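Review bot: None of the `system()` calls in raw_cleanup has its exit status checked, and the trailing `-F`/`-X NAT_CONNTRACK` pair now runs on every call, so a failed `-D` in either chain leaves a jump rule behind, `-X` then fails on the still-referenced chain, and the teardown reports nothing. Because of the `last`, only the first NAT_CONNTRACK jump per chain is deleted; if a chain can ever hold more than one, the same silent failure follows. I would check each status and use the list form so the rule number parsed from iptables output never passes through a shell, e.g. `system('iptables', '-t', 'raw', '-D', $label, $num) == 0 or warn "raw_cleanup: delete of $label rule $num failed\n";`. The repeated `$ignore` declarations and the unused `$in`/`$out` could also be reduced to `my ($num, $chain) = (split /\s+/)[0, 3];`.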