Diffstat (limited to 'scripts')
-rw-r--r--scripts/firewall/vyatta-clear-firewall96
-rwxr-xr-xscripts/firewall/vyatta-show-firewall.pl4
2 files changed, 98 insertions, 2 deletions
diff --git a/scripts/firewall/vyatta-clear-firewall b/scripts/firewall/vyatta-clear-firewall
new file mode 100644
index 0000000..ae48970
--- /dev/null
+++ b/scripts/firewall/vyatta-clear-firewall
@@ -0,0 +1,96 @@
+#!/bin/bash
+#
+# Module: vyatta-clear-firewall
+#
+# **** License ****
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# This code was originally developed by Vyatta, Inc.
+# Portions created by Vyatta are Copyright (C) 2006-2009 Vyatta, Inc.
+# All Rights Reserved.
+#
+# Author: Mohit Mehta
+# Date: February 2009
+# Description: Script to clear firewall counters
+#
+# **** End License ****
+#
+
+print_usage()
+{
+ echo "Usage:"
+ echo -e "\t$0 iptables/ip6tables table-name chain-name [rule-num]"
+}
+
+clear_chain() {
+ sudo $iptables_cmd -t $table_name -Z $chain_name 2>/dev/null
+ result=`echo $?`
+ if [ $result != 0 ]; then
+ echo Invalid $ip_version firewall $cli_tree chain \'$chain_name\'
+ exit 1
+ fi
+}
+
+clear_chain_rule() {
+ result=`sudo $iptables_cmd -t $table_name -L $chain_name 2>/dev/null`
+ result=`echo $?`
+ if [ $result != 0 ]; then
+ echo Invalid $ip_version firewall $cli_tree chain \'$chain_name\'
+ exit 1
+ else
+ iptables_rule_num=( `sudo $iptables_cmd -t $table_name -L $chain_name \
+ --line-numbers | grep "/\* $chain_name-$rule_num " | awk '{ print $1 }'` )
+ num_iptables_rules=${#iptables_rule_num[*]}
+ if [ $num_iptables_rules != 0 ]; then
+ i=0
+ while [ $i -lt $num_iptables_rules ]; do
+ sudo $iptables_cmd -t $table_name -Z $chain_name ${iptables_rule_num[$i]}
+ let i++
+ done
+ else
+ echo No \'rule $rule_num\' under $ip_version firewall $cli_tree chain \'$chain_name\'
+ exit 1
+ fi
+ fi
+}
+
+#
+# main
+#
+
+if [ $# -lt 3 ]; then
+ print_usage
+ exit 1
+fi
+
+iptables_cmd=$1
+table_name=$2
+chain_name=$3
+rule_num=$4
+
+if [[ '6' =~ $iptables_cmd ]]; then
+ ip_version="IPv6"
+else
+ ip_version="IPv4"
+fi
+
+if [[ 'filter' =~ $table_name ]]; then
+ cli_tree="name"
+else
+ cli_tree="modify"
+fi
+
+if [ -n "$rule_num" ]; then
+ clear_chain_rule
+else
+ clear_chain
+fi
+
+exit 0
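Review bot: `$iptables_cmd` is taken from `$1` and handed straight to `sudo` in clear_chain and clear_chain_rule with no check that it names iptables or ip6tables, so a caller who can reach this script under a sudo rule gets to run an arbitrary command as root, and because the expansion is unquoted a value containing spaces splits into several words. Validate it before the main branch, e.g. `case "$iptables_cmd" in iptables|ip6tables) ;; *) print_usage; exit 1 ;; esac`, and quote the expansions (`sudo "$iptables_cmd" -t "$table_name" -Z "$chain_name"`); `$rule_num` should likewise be checked as a number, since it is interpolated unescaped into the grep pattern in clear_chain_rule and echoed unquoted in the error message. Separately, `[[ '6' =~ $iptables_cmd ]]` has its operands reversed — it asks whether the regex ip6tables matches the string 6, which is never true — so the messages report IPv4 for ip6tables; `[[ $iptables_cmd =~ 6 ]]` is what was intended.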
diff --git a/scripts/firewall/vyatta-show-firewall.pl b/scripts/firewall/vyatta-show-firewall.pl
index 2de9061..f103dfc 100755
--- a/scripts/firewall/vyatta-show-firewall.pl
+++ b/scripts/firewall/vyatta-show-firewall.pl
@@ -142,7 +142,7 @@ sub show_chain($$$) {
$rule->outputXml($fh);
print $fh " </row>\n";
}
- if (!defined($rule_num)) {
+ if (!defined($rule_num) || ($rule_num == 1025)) {
# dummy rule
print $fh " <row>\n";
print $fh " <rule_number>1025</rule_number>\n";
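Review bot: The `1025` added to the condition is the same magic number printed as `<rule_number>` three lines below and checked again in the rule-validation hunk further down, so the dummy row and the validation can now drift apart. A single named constant near the top of the file, e.g. `my $DUMMY_RULE_NUM = 1025;` with a comment saying what the dummy rule represents, used in all three places, would make the intent visible and keep them in step. show_chain starts outside the hunk.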
@@ -219,7 +219,7 @@ if ($tree_name eq "all") {
#validate rule-num for given chain
$config->setLevel("firewall $tree $chain_name rule");
my @rules = $config->listOrigNodes();
- if (!(scalar(grep(/^$rule_num$/, @rules)) > 0)) {
+ if (!((scalar(grep(/^$rule_num$/, @rules)) > 0) || ($rule_num == 1025))) {
print "Invalid rule $rule_num under firewall instance [$chain_name] \n";
exit 1;
}
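Review bot: `$rule_num` is still interpolated unescaped into the regex `/^$rule_num$/` and then compared numerically with `== 1025`, so a non-numeric value such as `.*` matches every configured rule and passes validation, while a value like `abc` is silently treated as 0 by `==`; where `$rule_num` comes from is not visible here, but it appears to be user-supplied. Check its form before either use, e.g. `if ($rule_num !~ /^\d+$/) { print "Invalid rule $rule_num under firewall instance [$chain_name] \n"; exit 1; }`, or at minimum match with `/^\Q$rule_num\E$/`. The enclosing `if` block starts outside the hunk.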