mirror of
https://gitlab.com/shorewall/code.git
synced 2024-12-24 15:18:53 +01:00
Merge branch 'master' into 4.5.7
This commit is contained in:
commit
3c35af9d8c
@ -951,7 +951,7 @@ sub compatible( $$ ) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return 1;
|
return ! ( $ref1->{policy} && $ref2->{policy} );
|
||||||
}
|
}
|
||||||
|
|
||||||
#
|
#
|
||||||
|
@ -1536,7 +1536,7 @@ sub handle_complex_zone( $$ ) {
|
|||||||
|
|
||||||
if ( have_ipsec ) {
|
if ( have_ipsec ) {
|
||||||
#
|
#
|
||||||
# Prior to KLUDGEFREE, policy match could only match an 'in' or an 'out' policy (but not both), so we place the
|
# In general, policy match can only match an 'in' or an 'out' policy (but not both), so we place the
|
||||||
# '--pol ipsec --dir in' rules at the front of the (interface) forwarding chains. Otherwise, decrypted packets
|
# '--pol ipsec --dir in' rules at the front of the (interface) forwarding chains. Otherwise, decrypted packets
|
||||||
# can match '--pol none --dir out' rules and send the packets down the wrong rules chain.
|
# can match '--pol none --dir out' rules and send the packets down the wrong rules chain.
|
||||||
#
|
#
|
||||||
|
Loading…
Reference in New Issue
Block a user