Fix ipsec tunnels

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6238 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2007-05-04 18:55:57 +00:00
parent caf7d528be
commit 0360d0aea0
2 changed files with 23 additions and 21 deletions


@ -1200,7 +1200,7 @@ sub process_rule ( $$$$$$$$$$ ) {
}
} else {
my $destzone = (split /:/, $dest)[0];
$destzone = $firewall_zone unless $zones{$destzone}; # We will revalidate the destination zone in process_rule1
$destzone = $firewall_zone unless $zones{$destzone}; # We do this to allow 'REDIRECT all ...'; process_rule1 will catch the case where the dest zone is invalid
my $policychainref = $filter_table->{"${zone}2${destzone}"}{policychain};
if ( $intrazone || ( $zone ne $destzone ) ) {
fatal_error "No policy from zone $zone to zone $destzone" unless $policychainref;
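Review bot: The fallback `$destzone = $firewall_zone unless $zones{$destzone};` makes the policy lookup on the next line run against `${zone}2${firewall_zone}` whenever the destination zone is unrecognized, so the `No policy from zone` check in this branch can pass for a mistyped zone and rejection depends entirely on process_rule1 catching it later. Since the comment gives `REDIRECT all ...` as the only reason for the fallback, it would be tighter to apply it only in that case and call `fatal_error` for any other unknown zone here; the action variable is not visible in this hunk, so the exact condition needs checking against the rest of process_rule. Separately, if `$dest` can be empty, `(split /:/, $dest)[0]` is undef and the `$zones{$destzone}` lookup will warn under `use warnings`. The body of process_rule starts and ends outside the hunk.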


@ -69,6 +69,7 @@ sub setup_tunnels() {
add_rule $outchainref, "-p udp $dest -m multiport --dports 500,4500 $options";
}
unless ( $gatewayzones eq '-' ) {
for my $zone ( split /,/, $gatewayzones ) {
fatal_error "Invalid zone ($zone)" unless $zones{$zone}{type} eq 'ipv4';
$inchainref = ensure_filter_chain "${zone}2${firewall_zone}", 1;
@ -93,6 +94,7 @@ sub setup_tunnels() {
}
}
}
}
sub setup_one_other {
my ($inchainref, $outchainref, $kind, $source, $dest , $protocol) = @_;