extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-02-14 16:59:29 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix invalid policy match with vserver zone.

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2010-07-02 12:18:18 -07:00
parent 364cddf99b
commit 261af19b4e
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
Shorewall/Perl/Shorewall/Chains.pm
View File

@ -2558,6 +2558,10 @@ sub match_ipsec_in( $$ ) {
unless ( $optionsref->{super} ) {
$match = '-m policy --dir in --pol ';
if ( $zoneref->{type} eq 'vserver' ) {
return '';
}
if ( $zoneref->{type} eq 'ipsec' ) {
$match .= "ipsec $optionsref->{in_out}{ipsec}$optionsref->{in}{ipsec}";
@ -2583,6 +2587,10 @@ sub match_ipsec_out( $$ ) {
unless ( $optionsref->{super} ) {
$match = '-m policy --dir out --pol ';
if ( $zoneref->{type} eq 'vserver' ) {
return '';
}
if ( $zoneref->{type} eq 'ipsec' ) {
$match .= "ipsec $optionsref->{in_out}{ipsec}$optionsref->{out}{ipsec}";
} elsif ( have_ipsec ) {