mirror of
https://gitlab.com/shorewall/code.git
synced 2024-12-19 21:01:20 +01:00
Merge branch 'master' into 4.5.7
This commit is contained in:
commit
3c35af9d8c
@ -951,7 +951,7 @@ sub compatible( $$ ) {
|
||||
}
|
||||
}
|
||||
|
||||
return 1;
|
||||
return ! ( $ref1->{policy} && $ref2->{policy} );
|
||||
}
|
||||
|
||||
#
|
||||
|
@ -1536,7 +1536,7 @@ sub handle_complex_zone( $$ ) {
|
||||
|
||||
if ( have_ipsec ) {
|
||||
#
|
||||
# Prior to KLUDGEFREE, policy match could only match an 'in' or an 'out' policy (but not both), so we place the
|
||||
# In general, policy match can only match an 'in' or an 'out' policy (but not both), so we place the
|
||||
# '--pol ipsec --dir in' rules at the front of the (interface) forwarding chains. Otherwise, decrypted packets
|
||||
# can match '--pol none --dir out' rules and send the packets down the wrong rules chain.
|
||||
#
|
||||
|
Loading…
Reference in New Issue
Block a user