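--- /home/teastep/shorewall/branches/3.4/Shorewall/lib.tunnels 2007-03-22 15:27:26.000000000 -0700
+++ lib.tunnels 2007-07-03 07:57:16.000000000 -0700
@@ -37,19 +37,28 @@
 
 setup_one_ipsec() # $1 = Tunnel Kind $2 = gateway zones
 {
- local kind=$1 noah=
+ local kind=$1 noah=noah
 
 case $kind in
 *:*)
 noah=${kind#*:}
- [ $noah = noah -o $noah = NOAH ] || fatal_error "Invalid IPSEC modifier $noah in tunnel \"$tunnel\""
+ case $noah in
+ ah|AH)
+ noah=
+ ;;
+ noah|NOAH)
+ ;;
+ *)
+ fatal_error "Invalid IPSEC modifier $noah in tunnel \"$tunnel\""
+ ;;
+ esac
 kind=${kind%:*}
 ;;
 esac
 
 [ $kind = IPSEC ] && kind=ipsec
 
- [ $kind = ipsec ] || noah=noah
+ [ $kind = ipsec ] || [ "$noah" = noah ] || fatal_error ":ah not allowed on ipsecnat tunnels"
 
 options="-m state --state NEW -j ACCEPT"
 addrule2 $inchain -p 50 $source -j ACCEPT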
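Review bot: The `noah|NOAH)` arm of the new inner `case` leaves `$noah` exactly as typed, so a tunnel declared as `ipsecnat:NOAH` passes the modifier check and then fails the later `[ "$noah" = noah ]` test with the misleading ":ah not allowed on ipsecnat tunnels" error. Normalising in that arm fixes it: `noah|NOAH) noah=noah ;;`. Separately, the initialiser now defaults to `noah=noah` instead of empty; if the rule generation further down in setup_one_ipsec (outside this hunk) opens protocol 51 only when `$noah` is empty, plain `ipsec` tunnels will stop accepting AH after upgrade. That is a safer default, but it deserves a comment on the `local` line and a release-note entry so operators who rely on AH know to add `:ah`.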