From 61a05bd7b98baa3b36c742452b192a49ba5b2a12 Mon Sep 17 00:00:00 2001 From: Mohit Mehta Date: Wed, 3 Feb 2010 16:33:37 -0800 Subject: Fix bug 4115 'clear nat translations' does not clear nat translations * added command 'clear connection-tracking' to flush all conntrack entries --- Makefile.am | 1 + scripts/vyatta-clear-conntrack | 65 ++++++++++++++++++++++++++++ templates/clear/connection-tracking/node.def | 2 + 3 files changed, 68 insertions(+) create mode 100644 scripts/vyatta-clear-conntrack create mode 100644 templates/clear/connection-tracking/node.def diff --git a/Makefile.am b/Makefile.am index 2bc3a15..7174493 100644 --- a/Makefile.am +++ b/Makefile.am @@ -29,6 +29,7 @@ bin_sudo_users_SCRIPTS += scripts/vyatta-delete-log-file.sh bin_sudo_users_SCRIPTS += scripts/vyatta-reboot.pl bin_sudo_users_SCRIPTS += scripts/vyatta-op-dns-forwarding.pl bin_sudo_users_SCRIPTS += scripts/vyatta-op-dynamic-dns.pl +bin_sudo_users_SCRIPTS += scripts/vyatta-clear-conntrack cpiop = find . ! -regex '\(.*~\|.*\.bak\|.*\.swp\|.*\#.*\#\)' -print0 | \ cpio -0pd diff --git a/scripts/vyatta-clear-conntrack b/scripts/vyatta-clear-conntrack new file mode 100644 index 0000000..690e0a4 --- /dev/null +++ b/scripts/vyatta-clear-conntrack 
@@ -0,0 +1,65 @@
+#!/bin/sh
+#
+# Module: vyatta-clear-conntrack
+#
+# **** License ****
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# This code was originally developed by Vyatta, Inc.
+# Portions created by Vyatta are Copyright (C) 2006-2009 Vyatta, Inc.
+# All Rights Reserved.
+#
+# Author: Mohit Mehta
+# Date: February 2010
+# Description: Script to flush all conntrack entries
+#
+# **** End License ****
+#
+
+# picked up from install-system script
+get_response () {
+ ldefault=$(echo "$1" | tr [:upper:] [:lower:])
+ loptions=$(echo "$2" | tr [:upper:] [:lower:])
+
+ # get the response from the user
+ read myresponse
+ myresponse=$(echo "$myresponse" | tr [:upper:] [:lower:])
+
+ # Check to see if the user accepts the default
+ if [ -z "$myresponse" ]; then
+ echo -n $ldefault
+ # if we are passing in options to check, make sure response is a valid option
+ elif [ -n "$loptions" ]; then
+ for token in $loptions
+ do
+ if [ "$token" == "$myresponse" ]; then
+ echo -n "$myresponse"
+ return 0
+ fi
+ done
+ return 1
+ else
+ echo -n "$myresponse"
+ fi
+
+ return 0
+}
+
+response=''
+while [ -z "$response" ]
+do
+ echo -ne "\nThis will clear all currently tracked connections. Continue? (Y/N) [N]: "
+ response=$(get_response "N" "Y N")
+ if [ "$response" == "n" ]; then
+ exit 1
+ else
+ sudo /usr/sbin/conntrack -F
+ fi
+done
diff --git a/templates/clear/connection-tracking/node.def b/templates/clear/connection-tracking/node.def
new file mode 100644
index 0000000..8e588da
--- /dev/null
+++ b/templates/clear/connection-tracking/node.def
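Review bot: In the final `while` loop the flush sits in the `else` of `if [ "$response" == "n" ]`, so `sudo /usr/sbin/conntrack -F` runs for every reply that is not exactly `n`, including an invalid one, where `get_response` returns 1 with empty output and the loop prompts again after the table has already been flushed. A command that drops all tracked connection state should run only on an explicit yes; I would replace the bare `else` with `elif [ "$response" = "y" ]; then`. The script is also `#!/bin/sh` but relies on `==` inside `[` and on `echo -ne`; if `/bin/sh` is a shell whose `[` rejects `==`, the `n` test itself errors and falls into the same `else`, so `=` should be used throughout or the shebang changed to bash.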
@@ -0,0 +1,2 @@
+help: Clear all currently tracked connections
+run: sudo /opt/vyatta/bin/sudo-users/vyatta-clear-conntrack
-- 
cgit v1.2.3
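Review bot: The `run:` line starts the script under `sudo`, and the script then calls `sudo /usr/sbin/conntrack -F` again, so privilege is requested twice for one operation. The script is installed through `bin_sudo_users_SCRIPTS` and presumably already runs as root at that point, which would make the inner call redundant. I would keep sudo in one place only: leave this line as it is and have the script call `/usr/sbin/conntrack -F` directly, so the set of commands that need a sudoers entry stays limited to the wrapper.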