authorMohit Mehta <mohit.mehta@vyatta.com>2010-02-01 18:01:48 -0800
committerMohit Mehta <mohit.mehta@vyatta.com>2010-02-01 18:01:48 -0800
commit04fb66322346b77cb171d51fc2b3763e0845b6f4 (patch)
tree55d47a0a51278f8b94c24aacb62468af3792d4e5
parent7d9f390c329a5f79c778ee28cd79c2bdc386e998 (diff)
downloadvyatta-op-firewall-04fb66322346b77cb171d51fc2b3763e0845b6f4.tar.gz
vyatta-op-firewall-04fb66322346b77cb171d51fc2b3763e0845b6f4.zip
Fix Bug 4998 Firewall ruleset being used by IDS is reported as not applied
-rwxr-xr-xscripts/firewall/vyatta-show-firewall.pl15
1 files changed, 13 insertions, 2 deletions
diff --git a/scripts/firewall/vyatta-show-firewall.pl b/scripts/firewall/vyatta-show-firewall.pl
index 2745842..e939dcf 100755
--- a/scripts/firewall/vyatta-show-firewall.pl
+++ b/scripts/firewall/vyatta-show-firewall.pl
@@ -121,8 +121,19 @@ sub show_interfaces_zones {
}
}
- if ((scalar(@int_strs) == 0) && ($used_in_zonefw == 0)) {
- print "\n Inactive - Not applied to any interfaces or zones.\n";
+ # check if content-inspection is using this ruleset
+ my $custom_filter = 0;
+ my $config = new Vyatta::Config;
+ $config->setLevel("content-inspection traffic-filter");
+ my $custom_traffic_filter = $config->returnValue('custom');
+ if ((defined $custom_traffic_filter) && ($custom_traffic_filter eq $chain)) {
+ $custom_filter = 1;
+ print "\n Active on all incoming and forwarded traffic for content-inspection\n";
+ }
+
+ if ((scalar(@int_strs) == 0) && ($used_in_zonefw == 0)
+ && ($custom_filter == 0)) {
+ print "\n Inactive - Not applied to any interfaces, zones or for content-inspection.\n";
}
print "\n";
}
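Review bot: The new check reads the filter with `$config->returnValue('custom')`, which in Vyatta::Config appears to return the working (possibly uncommitted) value rather than the committed one. If this show command can be run from inside a configuration session, it could print "Active on all incoming and forwarded traffic for content-inspection" for a ruleset that is not yet enforced, or report an enforced one as inactive. For a status display that operators use to confirm enforcement, `my $custom_traffic_filter = $config->returnOrigValue('custom');` looks like the safer read, assuming the rest of this script reads committed state in the same way. As a smaller style point, `new Vyatta::Config` uses indirect object syntax and would be clearer as `my $config = Vyatta::Config->new();`. The body of show_interfaces_zones starts outside this hunk, so how `$chain` and `$used_in_zonefw` are derived is not visible here.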