Fix ipsecnat tunnels

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5637 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2007-03-22 22:27:26 +00:00
parent 627a5afe57
commit 8f5d49a517
3 changed files with 6 additions and 0 deletions

View File

@ -7,6 +7,8 @@ Changes in 3.4.2
3) Fix 'none[!]' and built-in actions. 3) Fix 'none[!]' and built-in actions.
4) Fix 'ipsecnat' tunnels.
Changes in 3.4.1 Changes in 3.4.1
1) Add rest of proxy arp fix. 1) Add rest of proxy arp fix.

View File

@ -67,6 +67,7 @@ setup_tunnels() # $1 = name of tunnels file
else else
run_iptables -A $inchain -p udp $source --dport 500 $options run_iptables -A $inchain -p udp $source --dport 500 $options
run_iptables -A $inchain -p udp $source --dport 4500 $options run_iptables -A $inchain -p udp $source --dport 4500 $options
run_iptables -A $outchain -p udp $dest --dport 4500 $options
fi fi
for z in $(separate_list $2); do for z in $(separate_list $2); do

View File

@ -43,6 +43,9 @@ Problems corrected in Shorewall 3.4.2
Shorewall now correctly suppresses generation of log messages when Shorewall now correctly suppresses generation of log messages when
a log level of 'none' or 'none!' is given to a built-in action. a log level of 'none' or 'none!' is given to a built-in action.
4) Tunnels of type 'ipsecnat' would sometimes fail to work because of
a missing rule.
Migration Considerations: Migration Considerations:
If you are migrating from a Shorewall version earlier than 3.2.0 then If you are migrating from a Shorewall version earlier than 3.2.0 then