From 7fe51e06b67733195ad30188eec40b4bff15a350 Mon Sep 17 00:00:00 2001
From: Edison Su <Edison.Su@citrix.com>
Date: Thu, 10 Nov 2011 17:56:40 -0800
Subject: [PATCH] bug 11835: don't return error if it's delete firewall rules
 status 11835: resolved fixed Reviewed-by: frank

---
 .../systemvm/debian/config/root/firewall.sh   | 21 +++++++++++++++----
 1 file changed, 17 insertions(+), 4 deletions(-)

diff --git a/patches/systemvm/debian/config/root/firewall.sh b/patches/systemvm/debian/config/root/firewall.sh
index da83f40c415..d16e539a862 100755
--- a/patches/systemvm/debian/config/root/firewall.sh
+++ b/patches/systemvm/debian/config/root/firewall.sh
@@ -258,8 +258,13 @@ then
     one_to_one_fw_entry $publicIp $instanceIp  $protocol $dport $op
   fi
   result=$?
-  [ "$result" -ne 0 ] && cat $OUTFILE >&2
+  if [ "$result" -ne 0 ] && [ "$op" != "-D" ]; then
+      cat $OUTFILE >&2
+  fi
   rm -f $OUTFILE
+  if [ "$op" == "-D" ];then
+     result=0
+  fi
   unlock_exit $result $lock $locked
 fi
 
@@ -271,14 +276,22 @@ fi
 case $protocol  in
   tcp|udp)    
         tcp_or_udp_entry $instanceIp $dport $publicIp $ports $op $protocol $cidrs
-                result=$?
-                [ "$result" -ne 0 ] && cat $OUTFILE >&2
-                rm -f $OUTFILE
+        result=$?
+        if [ "$result" -ne 0 ] && [ "$op" != "-D" ];then
+           cat $OUTFILE >&2
+        fi
+        rm -f $OUTFILE
+        if [ "$op" == "-D" ];then
+           result=0
+        fi
         unlock_exit $result $lock $locked
         ;;
   "icmp")  
   
         icmp_entry $instanceIp $icmptype $publicIp $op 
+        if [ "$op" == "-D" ];then
+           result=0
+        fi
         unlock_exit $? $lock $locked
         ;;
       *)