authorslioch <slioch@eng-140.vyatta.com>2009-07-06 10:49:06 -0700
committerslioch <slioch@eng-140.vyatta.com>2009-07-06 10:51:23 -0700
commit8c53efc2b64c0657d458bc8222bc1b0dbbf05f99 (patch)
tree123e62127dd6f1aa68dc4bae50c9444a79ff3aab
parent269bd94265d3865051a60340f87412a88575d60e (diff)
fix for bug 4351. Move conntrack to feature specific chain for raw table.
-rw-r--r--src/lbdecision.cc19
1 files changed, 12 insertions, 7 deletions
diff --git a/src/lbdecision.cc b/src/lbdecision.cc
index fcc19d0..e908c79 100644
--- a/src/lbdecision.cc
+++ b/src/lbdecision.cc
@@ -113,13 +113,13 @@ if so then this stuff goes here!
execute(string("iptables -t nat -I VYATTA_PRE_SNAT_HOOK 1 -j WANLOADBALANCE"), stdout);
}
//set up the conntrack table
- execute(string("iptables -t raw -N NAT_CONNTRACK"), stdout);
- execute(string("iptables -t raw -F NAT_CONNTRACK"), stdout);
- execute(string("iptables -t raw -A NAT_CONNTRACK -j ACCEPT"), stdout);
- execute(string("iptables -t raw -D PREROUTING 1"), stdout);
- execute(string("iptables -t raw -I PREROUTING 1 -j NAT_CONNTRACK"), stdout);
- execute(string("iptables -t raw -D OUTPUT 1"), stdout);
- execute(string("iptables -t raw -I OUTPUT 1 -j NAT_CONNTRACK"), stdout);
+ execute(string("iptables -t raw -N WLB_CONNTRACK"), stdout);
+ execute(string("iptables -t raw -F WLB_CONNTRACK"), stdout);
+ execute(string("iptables -t raw -A WLB_CONNTRACK -j ACCEPT"), stdout);
+ execute(string("iptables -t raw -D PREROUTING -j WLB_CONNTRACK"), stdout);
+ execute(string("iptables -t raw -I PREROUTING 1 -j WLB_CONNTRACK"), stdout);
+ execute(string("iptables -t raw -D OUTPUT -j WLB_CONNTRACK"), stdout);
+ execute(string("iptables -t raw -I OUTPUT 1 -j WLB_CONNTRACK"), stdout);
LBData::InterfaceHealthIter iter = lbdata._iface_health_coll.begin();
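Review bot: The jump to WLB_CONNTRACK is inserted at position 1 of raw PREROUTING and OUTPUT, and the chain's only rule is `-j ACCEPT`, so every packet leaves the raw table there and any rules that follow in those chains (for example another feature's NOTRACK exemptions) are not evaluated while WAN load balancing is active. If that is intended, the existing `//set up the conntrack table` comment should say so, e.g. `//WLB_CONNTRACK accepts all traffic at raw position 1; later raw rules are bypassed while WLB is running`. The two `-D ... -j WLB_CONNTRACK` lines also deserve a comment such as `//drop a stale jump so restarts do not stack duplicates; failure on first start is expected`, since they will fail on a first start. The enclosing function begins and ends outside this hunk.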
@@ -311,6 +311,11 @@ LBDecision::shutdown(LBData &data)
execute("iptables -t nat -F WANLOADBALANCE", stdout);
execute("iptables -t nat -D VYATTA_PRE_SNAT_HOOK -j WANLOADBALANCE", stdout);
+ //clear out conntrack hooks
+ execute(string("iptables -t raw -D PREROUTING -j WLB_CONNTRACK"), stdout);
+ execute(string("iptables -t raw -D OUTPUT -j WLB_CONNTRACK"), stdout);
+ execute(string("iptables -t raw -F WLB_CONNTRACK"), stdout);
+ execute(string("iptables -t raw -X WLB_CONNTRACK"), stdout);
//remove the policy entries
LBData::InterfaceHealthIter h_iter = data._iface_health_coll.begin();
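Review bot: The teardown added after the `//clear out conntrack hooks` comment assumes every step succeeds, and nothing visible here inspects what execute() reports. Each `-D ... -j WLB_CONNTRACK` removes only one matching jump, and `-X WLB_CONNTRACK` is refused while any rule still references the chain. A duplicate jump or a failed delete therefore leaves the accept-all chain hooked into the raw table after shutdown, with no log entry. If execute() exposes the exit status, repeat each `-D` until it reports no match and log a failed `-X`; the same unchecked pattern applies to the `-N`/`-I` calls in the setup hunk above. LBDecision::shutdown continues outside this hunk.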