extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-06-20 09:47:51 +02:00
Code Issues Packages Projects Releases Wiki Activity

Corrections to ipsec and dynamic zones

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1815 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2004-12-09 03:20:33 +00:00
parent f71bf18e0f
commit 0e983c8fc2
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
Shorewall2/firewall
View File

@ -6938,17 +6938,17 @@ delete_from_zone() # $1 = <interface>[:<hosts>] $2 = zone
# #
# Delete any nat table entries for the host(s) # Delete any nat table entries for the host(s)
# #
qt_iptables -t nat -D $(dynamic_in $interface) $(match_source_hosts $host) $(match_ipsec_in $zone $newhost) -j ${zone}_dnat qt_iptables -t nat -D $(dynamic_in $interface) $(match_source_hosts $host) $(match_ipsec_in $zone $delhost) -j ${zone}_dnat
# #
# Delete rules rules the input chains for the passed interface # Delete rules rules the input chains for the passed interface
# #
while read z1 z2 chain; do while read z1 z2 chain; do
if [ "$z1" = "$zone" ]; then if [ "$z1" = "$zone" ]; then
if [ "$z2" = "$FW" ]; then if [ "$z2" = "$FW" ]; then
qt_iptables -D $(dynamic_in $interface) $(match_source_hosts $host) $(match_ipsec_in $z1 $newhost) -j $chain qt_iptables -D $(dynamic_in $interface) $(match_source_hosts $host) $(match_ipsec_in $z1 $delhost) -j $chain
else else
source_chain=$(dynamic_fwd $interface) source_chain=$(dynamic_fwd $interface)
if is_ipsec_host $z1 $newhost ; then if is_ipsec_host $z1 $delhost ; then
do_iptables -D $source_chain $(match_source_hosts $host) $(match_ipsec_in $z1 $newhost) -j ${z1}_frwd do_iptables -D $source_chain $(match_source_hosts $host) $(match_ipsec_in $z1 $newhost) -j ${z1}_frwd
else else
eval dest_hosts=\"\$${z2}_hosts\" eval dest_hosts=\"\$${z2}_hosts\"