extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-06-24 11:41:26 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add IPSECNAT tunnel type; correct typo in spec file

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@293 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2002-10-10 13:29:06 +00:00
parent 9b7bd2c786
commit 2c41dc5154
3 changed files with 22 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
Shorewall/firewall
View File

@ -1142,19 +1142,29 @@ setup_tunnels() # $1 = name of tunnels file
local inchain local inchain
local outchain local outchain
setup_one_ipsec() # $1 = gateway $2 = gateway zones setup_one_ipsec() # $1 = gateway $2 = Tunnel Kind $3 = gateway zones
{ {
options="-m state --state NEW -j ACCEPT" options="-m state --state NEW -j ACCEPT"
addrule $inchain -p 50 -s $1 -j ACCEPT addrule $inchain -p 50 -s $1 -j ACCEPT
addrule $outchain -p 50 -d $1 -j ACCEPT addrule $outchain -p 50 -d $1 -j ACCEPT
run_iptables -A $inchain -p 51 -s $1 -j ACCEPT run_iptables -A $inchain -p 51 -s $1 -j ACCEPT
run_iptables -A $outchain -p 51 -d $1 -j ACCEPT run_iptables -A $outchain -p 51 -d $1 -j ACCEPT
run_iptables -A $inchain -p udp -s $1 --sport 500 --dport 500 $options
run_iptables -A $outchain -p udp -d $1 --dport 500 --sport 500 $options
for z in `separate_list $2`; do if [ $2 = ipsec ]; then
run_iptables -A $inchain -p udp -s $1 --sport 500 --dport 500 $options
run_iptables -A $outchain -p udp -d $1 --dport 500 --sport 500 $options
else
run_iptables -A $inchain -p udp -s $1 --dport 500 $options
run_iptables -A $outchain -p udp -d $1 --sport 500 $options
fi
for z in `separate_list $3`; do
if validate_zone $z; then if validate_zone $z; then
addrule ${FW}2${z} -p udp --sport 500 --dport 500 $options if [ $2 = ipsec ]; then
addrule ${FW}2${z} -p udp --sport 500 --dport 500 $options
else
addrule ${FW}2${z} -p udp --sport 500 $options
fi
else else
error_message "Warning: Invalid gateway zone ($z)" \ error_message "Warning: Invalid gateway zone ($z)" \
" -- Tunnel \"$tunnel\" may encounter keying problems" " -- Tunnel \"$tunnel\" may encounter keying problems"
@ -1182,7 +1192,10 @@ setup_tunnels() # $1 = name of tunnels file
outchain=${FW}2${z} outchain=${FW}2${z}
case $kind in case $kind in
ipsec|IPSEC) ipsec|IPSEC)
setup_one_ipsec $gateway $z1 setup_one_ipsec $gateway ipsec $z1
;;
ipsecnat|IPSECNAT)
setup_one_ipsec $gateway ipsecnat $z1
;; ;;
ipip|IPIP) ipip|IPIP)
setup_one_other IPIP $gateway 4 setup_one_other IPIP $gateway 4

2
Shorewall/shorewall.spec
View File

@ -100,7 +100,7 @@ fi
%doc COPYING INSTALL changelog.txt releasenotes.txt tunnel %doc COPYING INSTALL changelog.txt releasenotes.txt tunnel
%changelog %changelog
* Wed OCT 09 2002 Tom Eastep <tom@shorewall.net> * Wed Oct 09 2002 Tom Eastep <tom@shorewall.net>
- Changed version to 1.3.9b - Changed version to 1.3.9b
* Mon Sep 30 2002 Tom Eastep <tom@shorewall.net> * Mon Sep 30 2002 Tom Eastep <tom@shorewall.net>
- Changed version to 1.3.9a - Changed version to 1.3.9a

3
Shorewall/tunnels
View File

@ -9,7 +9,8 @@
# #
# The columns are: # The columns are:
# #
# TYPE -- must start in column 1 and be "ipsec", "ip" or "gre" # TYPE -- must start in column 1 and be "ipsec", "ipsecnat","ip"
# or "gre"
# #
# ZONE -- The zone of the physical interface through which # ZONE -- The zone of the physical interface through which
# tunnel traffic passes. This is normally your internet # tunnel traffic passes. This is normally your internet