extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-06-03 00:15:54 +02:00
Code Issues Packages Projects Releases Wiki Activity

Don't subject IPSEC traffic to rfc1918 filtering

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4810 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2006-11-08 15:56:25 +00:00
parent 60aec9802d
commit 9638a08920
1 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
Shorewall/compiler
View File

@ -3537,6 +3537,9 @@ setup_blacklist() {
add_common_rules() { add_common_rules() {
local savelogparms="$LOGPARMS" local savelogparms="$LOGPARMS"
local broadcasts="$(find_broadcasts) 255.255.255.255 224.0.0.0/4" local broadcasts="$(find_broadcasts) 255.255.255.255 224.0.0.0/4"
local policy
[ -n "$POLICY_MATCH" ] && policy="-m policy --pol $ipsec --dir in" || policy=
# #
# Populate the smurf chain # Populate the smurf chain
# #
@ -3632,7 +3635,6 @@ __EOF__
for host in $hosts; do for host in $hosts; do
ipsec=${host%^*} ipsec=${host%^*}
host=${host#*^} host=${host#*^}
[ -n "$POLICY_MATCH" ] && policy="-m policy --pol $ipsec --dir in" || policy=
interface=${host%%:*} interface=${host%%:*}
network=${host#*:} network=${host#*:}
@ -3745,7 +3747,6 @@ __EOF__
for host in $hosts; do for host in $hosts; do
ipsec=${host%^*} ipsec=${host%^*}
host=${host#*^} host=${host#*^}
[ -n "$POLICY_MATCH" ] && policy="-m policy --pol $ipsec --dir in" || policy=
interface=${host%%:*} interface=${host%%:*}
networks=${host#*:} networks=${host#*:}
@ -3754,7 +3755,7 @@ __EOF__
done done
[ -n "$MANGLE_ENABLED" -a -z "$CONNTRACK_MATCH" ] && \ [ -n "$MANGLE_ENABLED" -a -z "$CONNTRACK_MATCH" ] && \
run_iptables -t mangle -A PREROUTING -m state --state NEW -i $interface $(match_source_hosts $networks) -j man1918 run_iptables -t mangle -A PREROUTING -m state --state NEW -i $interface $(match_source_hosts $networks) $policy -j man1918
done done
fi fi