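--- ../../3.4/Shorewall/lib.tunnels 2007-10-26 19:10:45.000000000 -0400
+++ lib.tunnels 2008-03-09 15:55:46.000000000 -0400
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# Shorewall 3.4 -- /usr/share/shorewall/lib.tunnels
+# Shorewall 4.1 -- /usr/share/shorewall/lib.tunnels
 #
 # This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
 #
@@ -37,19 +37,31 @@
 
 setup_one_ipsec() # $1 = Tunnel Kind $2 = gateway zones
 {
- local kind=$1 noah=
+ local kind
+ kind=$1
+ local noah
+ noah=noah
 
 case $kind in
 *:*)
 noah=${kind#*:}
- [ $noah = noah -o $noah = NOAH ] || fatal_error "Invalid IPSEC modifier $noah in tunnel \"$tunnel\""
+ case $noah in
+ ah|AH)
+ noah=
+ ;;
+ noah|NOAH)
+ ;;
+ *)
+ fatal_error "Invalid IPSEC modifier $noah in tunnel \"$tunnel\""
+ ;;
+ esac
 kind=${kind%:*}
 ;;
 esac
 
 [ $kind = IPSEC ] && kind=ipsec
 
- [ $kind = ipsec ] || noah=noah
+ [ $kind = ipsec ] || [ "$noah" = noah ] || fatal_error ":ah not allowed on ipsecnat tunnels"
 
 options="-m state --state NEW -j ACCEPT"
 addrule2 $inchain -p 50 $source -j ACCEPT
@@ -125,8 +137,10 @@
 
 setup_one_openvpn() # $1 = kind[:port]
 {
- local protocol=udp
- local p=1194
+ local protocol
+ protocol=udp
+ local p
+ p=1194
 
 case $1 in
 *:*:*)
@@ -150,8 +164,10 @@
 
 setup_one_openvpn_server() # $1 = kind[:port]
 {
- local protocol=udp
- local p=1194
+ local protocol
+ protocol=udp
+ local p
+ p=1194
 
 case $1 in
 *:*:*)
@@ -175,8 +191,10 @@
 
 setup_one_openvpn_client() # $1 = kind[:port]
 {
- local protocol=udp
- local p=1194
+ local protocol
+ protocol=udp
+ local p
+ p=1194
 
 case $1 in
 *:*:*)
@@ -201,7 +219,8 @@
 setup_one_generic() # $1 = kind:protocol[:port]
 {
 local protocol
- local p=
+ local p
+ p=
 
 case $1 in
 *:*:*)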
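Review bot: In setup_one_ipsec the `noah|NOAH)` arm is empty, so an uppercase `NOAH` modifier leaves `$noah` set to `NOAH`; on a non-ipsec kind the later `[ "$noah" = noah ]` test then fails and the tunnel is rejected with ":ah not allowed on ipsecnat tunnels" even though AH was explicitly disabled. Normalising in that arm, `noah|NOAH) noah=noah ;;`, keeps this check and any later test on `$noah` consistent. The hunk also flips the default from an empty `noah` to `noah=noah`, so a plain `ipsec` tunnel presumably no longer gets its AH rule unless `:ah` is given; a comment above the assignment such as `# AH is opt-in via the :ah modifier` would make that tightening explicit for anyone upgrading from 3.4. The function body continues past the hunk, so how `$noah` is consumed is not visible here.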