From 04fb66322346b77cb171d51fc2b3763e0845b6f4 Mon Sep 17 00:00:00 2001
From: Mohit Mehta
Date: Mon, 1 Feb 2010 18:01:48 -0800
Subject: Fix Bug 4998 Firewall ruleset being used by IDS is reported as not applied
---
 scripts/firewall/vyatta-show-firewall.pl | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)
diff --git a/scripts/firewall/vyatta-show-firewall.pl b/scripts/firewall/vyatta-show-firewall.pl
index 2745842..e939dcf 100755
--- a/scripts/firewall/vyatta-show-firewall.pl
+++ b/scripts/firewall/vyatta-show-firewall.pl
@@ -121,8 +121,19 @@ sub show_interfaces_zones {
 }
 }
 
- if ((scalar(@int_strs) == 0) && ($used_in_zonefw == 0)) {
- print "\n Inactive - Not applied to any interfaces or zones.\n";
+ # check if content-inspection is using this ruleset
+ my $custom_filter = 0;
+ my $config = new Vyatta::Config;
+ $config->setLevel("content-inspection traffic-filter");
+ my $custom_traffic_filter = $config->returnValue('custom');
+ if ((defined $custom_traffic_filter) && ($custom_traffic_filter eq $chain)) {
+ $custom_filter = 1;
+ print "\n Active on all incoming and forwarded traffic for content-inspection\n";
+ }
+
+ if ((scalar(@int_strs) == 0) && ($used_in_zonefw == 0)
+ && ($custom_filter == 0)) {
+ print "\n Inactive - Not applied to any interfaces, zones or for content-inspection.\n";
 }
 print "\n";
 }
-- 
cgit v1.2.3
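Review bot: The new content-inspection lookup uses `$config->returnValue('custom')`, which as far as I know returns the working (possibly uncommitted) value in Vyatta::Config, so the status shown may not match what is actually enforced. Run from inside a configuration session, this command could print "Active on all incoming and forwarded traffic for content-inspection", or suppress the "Inactive" line, for a ruleset whose traffic-filter setting has not been committed. For an operational display of firewall state the committed value is the safer source: `my $custom_traffic_filter = $config->returnOrigValue('custom');`. This should be checked against how the rest of show_interfaces_zones reads its configuration, because the function body and the definitions of `$chain` and `@int_strs` start outside this hunk. As a smaller style point, `new Vyatta::Config` is indirect object syntax, and `Vyatta::Config->new()` parses unambiguously.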