From e6bd1a9a9a1c4bf0f6ac2ff5a6a2b38c8d8a0cec Mon Sep 17 00:00:00 2001 From: John Southworth Date: Wed, 13 Jun 2012 10:11:21 -0700 Subject: Remove IPS from zone --- templates-cfg/zone-policy/zone/node.def | 14 ------- .../content-inspection/.ipv6-enable/node.def | 46 ---------------------- .../node.tag/content-inspection/enable/node.def | 46 ---------------------- .../from/node.tag/content-inspection/node.def | 1 - .../zone-policy/zone/node.tag/interface/node.def | 16 -------- .../zone-policy/zone/node.tag/local-zone/node.def | 14 ------- 6 files changed, 137 deletions(-) delete mode 100644 templates-cfg/zone-policy/zone/node.tag/from/node.tag/content-inspection/.ipv6-enable/node.def delete mode 100644 templates-cfg/zone-policy/zone/node.tag/from/node.tag/content-inspection/enable/node.def delete mode 100644 templates-cfg/zone-policy/zone/node.tag/from/node.tag/content-inspection/node.def (limited to 'templates-cfg') diff --git a/templates-cfg/zone-policy/zone/node.def b/templates-cfg/zone-policy/zone/node.def index 4845c2f..1d10bb4 100644 --- a/templates-cfg/zone-policy/zone/node.def +++ b/templates-cfg/zone-policy/zone/node.def @@ -17,13 +17,6 @@ create: exit 1 fi - # ips zone actions - if ! /opt/vyatta/sbin/vyatta-zone-ips.pl \ - --action=add-zone \ - --zone-name="$VAR(@)"; then - exit 1 - fi - delete: # fw zone actions if ! /opt/vyatta/sbin/vyatta-zone.pl \ @@ -31,10 +24,3 @@ delete: --zone-name="$VAR(@)"; then exit 1 fi - - # ips zone actions - if ! /opt/vyatta/sbin/vyatta-zone-ips.pl \ - --action=delete-zone \ - --zone-name="$VAR(@)"; then - exit 1 - fi diff --git a/templates-cfg/zone-policy/zone/node.tag/from/node.tag/content-inspection/.ipv6-enable/node.def b/templates-cfg/zone-policy/zone/node.tag/from/node.tag/content-inspection/.ipv6-enable/node.def deleted file mode 100644 index 87a2ea1..0000000 --- a/templates-cfg/zone-policy/zone/node.tag/from/node.tag/content-inspection/.ipv6-enable/node.def +++ /dev/null 
@@ -1,46 +0,0 @@
-help: Option to enable IPv6 content-inspection
-
-# check if traffic-filter is set
-commit:expression:
-exec "
-if cli-shell-api existsEffective \
-content-inspection traffic-filter ipv6-preset; then \
- exit 0; \
-fi; \
-if cli-shell-api existsEffective \
-content-inspection traffic-filter ipv6-custom; then \
- exit 0; \
-fi; \
-echo IPv6 content-inspection traffic-filter not set; \
-exit 1"
-
-# make sure inspect-all is not enabled
-commit:expression:
-exec "
-if ! cli-shell-api existsEffective \
-content-inspection inspect-all ipv6-enable; then \
- exit 0; \
-fi; \
-echo IPv6 content-inspection enabled for all traffic. Not \
-allowed to configure inspection on a per-zone basis.; \
-exit 1"
-
-create:
- if ! /opt/vyatta/sbin/vyatta-zone-ips.pl \
- --action=add-fromzone-ips \
- --zone-name="$VAR(../../../@)" \
- --from-zone="$VAR(../../@)" \
- --ruleset-type=ipv6-name \
- --ruleset-name=VYATTA_SNORT_all_HOOK; then
- exit 1
- fi
-
-delete:
- if ! /opt/vyatta/sbin/vyatta-zone-ips.pl \
- --action=delete-fromzone-ips \
- --zone-name="$VAR(../../../@)" \
- --from-zone="$VAR(../../@)" \
- --ruleset-type=ipv6-name \
- --ruleset-name=VYATTA_SNORT_all_HOOK; then
- exit 1
- fi
diff --git a/templates-cfg/zone-policy/zone/node.tag/from/node.tag/content-inspection/enable/node.def b/templates-cfg/zone-policy/zone/node.tag/from/node.tag/content-inspection/enable/node.def
deleted file mode 100644
index 484780a..0000000
--- a/templates-cfg/zone-policy/zone/node.tag/from/node.tag/content-inspection/enable/node.def
+++ /dev/null
@@ -1,46 +0,0 @@
-help: Option to enable IPv4 content-inspection
-
-# check if traffic-filter is set
-commit:expression:
-exec "
-if cli-shell-api existsEffective \
-content-inspection traffic-filter preset; then \
- exit 0; \
-fi; \
-if cli-shell-api existsEffective \
-content-inspection traffic-filter custom; then \
- exit 0; \
-fi; \
-echo IPv4 content-inspection traffic-filter not set; \
-exit 1"
-
-# make sure inspect-all is not enabled
-commit:expression:
-exec "
-if ! cli-shell-api existsEffective \
-content-inspection inspect-all enable; then \
- exit 0; \
-fi; \
-echo IPv4 content-inspection enabled for all traffic. Not \
-allowed to configure inspection on a per-zone basis.; \
-exit 1"
-
-create:
- if ! /opt/vyatta/sbin/vyatta-zone-ips.pl \
- --action=add-fromzone-ips \
- --zone-name="$VAR(../../../@)" \
- --from-zone="$VAR(../../@)" \
- --ruleset-type=name \
- --ruleset-name=VYATTA_SNORT_all_HOOK; then
- exit 1
- fi
-
-delete:
- if ! /opt/vyatta/sbin/vyatta-zone-ips.pl \
- --action=delete-fromzone-ips \
- --zone-name="$VAR(../../../@)" \
- --from-zone="$VAR(../../@)" \
- --ruleset-type=name \
- --ruleset-name=VYATTA_SNORT_all_HOOK; then
- exit 1
- fi
diff --git a/templates-cfg/zone-policy/zone/node.tag/from/node.tag/content-inspection/node.def b/templates-cfg/zone-policy/zone/node.tag/from/node.tag/content-inspection/node.def
deleted file mode 100644
index 9ba25ef..0000000
--- a/templates-cfg/zone-policy/zone/node.tag/from/node.tag/content-inspection/node.def
+++ /dev/null
@@ -1 +0,0 @@
-help: Content-inspection options
diff --git a/templates-cfg/zone-policy/zone/node.tag/interface/node.def b/templates-cfg/zone-policy/zone/node.tag/interface/node.def
index c9137c4..ab16aa5 100644
--- a/templates-cfg/zone-policy/zone/node.tag/interface/node.def
+++ b/templates-cfg/zone-policy/zone/node.tag/interface/node.def
@@ -16,14 +16,6 @@ create: exit 1 fi - # ips zone actions - if ! /opt/vyatta/sbin/vyatta-zone-ips.pl \ - --action=add-zone-interface \ - --zone-name="$VAR(../@)" \ - --interface="$VAR(@)"; then - exit 1 - fi - delete: # fw zone actions if ! /opt/vyatta/sbin/vyatta-zone.pl \ @@ -32,11 +24,3 @@ delete: --interface="$VAR(@)"; then exit 1 fi - - # ips zone actions - if ! /opt/vyatta/sbin/vyatta-zone-ips.pl \ - --action=delete-zone-interface \ - --zone-name="$VAR(../@)" \ - --interface="$VAR(@)"; then - exit 1 - fi diff --git a/templates-cfg/zone-policy/zone/node.tag/local-zone/node.def b/templates-cfg/zone-policy/zone/node.tag/local-zone/node.def index 07c3d55..22be69b 100644 --- a/templates-cfg/zone-policy/zone/node.tag/local-zone/node.def +++ b/templates-cfg/zone-policy/zone/node.tag/local-zone/node.def @@ -8,13 +8,6 @@ create: exit 1 fi - # ips zone actions - if ! /opt/vyatta/sbin/vyatta-zone-ips.pl \ - --action=add-localzone \ - --zone-name="$VAR(../@)"; then - exit 1 - fi - delete: # fw zone actions if ! /opt/vyatta/sbin/vyatta-zone.pl \ @@ -22,10 +15,3 @@ delete: --zone-name="$VAR(../@)"; then exit 1 fi - - # ips zone actions - if ! /opt/vyatta/sbin/vyatta-zone-ips.pl \ - --action=delete-localzone \ - --zone-name="$VAR(../@)"; then - exit 1 - fi -- cgit v1.2.3