Tone down ipsecnat rules a bit

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@294 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2002-10-11 17:19:06 +00:00
parent 2c41dc5154
commit 912681428b


@ -1150,21 +1150,17 @@ setup_tunnels() # $1 = name of tunnels file
run_iptables -A $inchain -p 51 -s $1 -j ACCEPT run_iptables -A $inchain -p 51 -s $1 -j ACCEPT
run_iptables -A $outchain -p 51 -d $1 -j ACCEPT run_iptables -A $outchain -p 51 -d $1 -j ACCEPT
run_iptables -A $outchain -p udp -d $1 --dport 500 --sport 500 $options
if [ $2 = ipsec ]; then if [ $2 = ipsec ]; then
run_iptables -A $inchain -p udp -s $1 --sport 500 --dport 500 $options run_iptables -A $inchain -p udp -s $1 --sport 500 --dport 500 $options
run_iptables -A $outchain -p udp -d $1 --dport 500 --sport 500 $options
else else
run_iptables -A $inchain -p udp -s $1 --dport 500 $options run_iptables -A $inchain -p udp -s $1 --dport 500 $options
run_iptables -A $outchain -p udp -d $1 --sport 500 $options
fi fi
for z in `separate_list $3`; do for z in `separate_list $3`; do
if validate_zone $z; then if validate_zone $z; then
if [ $2 = ipsec ]; then
addrule ${FW}2${z} -p udp --sport 500 --dport 500 $options addrule ${FW}2${z} -p udp --sport 500 --dport 500 $options
else
addrule ${FW}2${z} -p udp --sport 500 $options
fi
else else
error_message "Warning: Invalid gateway zone ($z)" \ error_message "Warning: Invalid gateway zone ($z)" \
" -- Tunnel \"$tunnel\" may encounter keying problems" " -- Tunnel \"$tunnel\" may encounter keying problems"