extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-06-22 18:51:24 +02:00
Code Issues Packages Projects Releases Wiki Activity

Disallow FASTACCEPT with IPSEC

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@8401 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2008-04-08 22:58:46 +00:00
parent 92481b4e36
commit dacc29c577
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Shorewall-perl/Shorewall/Zones.pm
View File

@ -273,6 +273,7 @@ sub determine_zones()
$type = 'ipv4'; $type = 'ipv4';
$ipv4 = 1; $ipv4 = 1;
} elsif ( $type =~ /^ipsec4?$/i ) { } elsif ( $type =~ /^ipsec4?$/i ) {
fatal_error "IPSEC Zones require FASTACCEPT=No" if $config{FASTACCEPT};
$type = 'ipsec4'; $type = 'ipsec4';
} elsif ( $type =~ /^bport4?$/i ) { } elsif ( $type =~ /^bport4?$/i ) {
warning_message "Bridge Port zones should have a parent zone" unless @parents; warning_message "Bridge Port zones should have a parent zone" unless @parents;
@ -969,6 +970,7 @@ sub validate_hosts_file()
for my $option ( @options ) for my $option ( @options )
{ {
if ( $option eq 'ipsec' ) { if ( $option eq 'ipsec' ) {
fatal_error "'ipsec' requires FASTACCEPT=No" if $config{FASTACCEPT};
$type = 'ipsec4'; $type = 'ipsec4';
$zoneref->{options}{complex} = 1; $zoneref->{options}{complex} = 1;
$ipsec = 1; $ipsec = 1;