mirror of
https://gitlab.com/shorewall/code.git
synced 2024-12-24 15:18:53 +01:00
More IPSEC tweaks
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1555 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
parent
16487eb51a
commit
f5d4acc57b
@ -1680,7 +1680,11 @@ setup_ipsec() {
|
||||
;;
|
||||
esac
|
||||
done
|
||||
eval ${zone}_ipsec_options=\"${newoptions# }\"
|
||||
|
||||
if [ -n "$newoptions" ]; then
|
||||
eval ${zone}_is_complex=Yes
|
||||
eval ${zone}_ipsec_options=\"${newoptions# }\"
|
||||
fi
|
||||
}
|
||||
|
||||
strip_file ipsec $1
|
||||
@ -1688,6 +1692,8 @@ setup_ipsec() {
|
||||
while read zone ipsec options; do
|
||||
expandv zone ipsec options
|
||||
|
||||
[ -n "$POLICY_MATCH" ] || fatal_error "Your kernel and/or iptables does not support policy match"
|
||||
|
||||
validate_zone1 $zone || fatal_error "Unknown zone: $zone"
|
||||
|
||||
case $ipsec in
|
||||
@ -1695,6 +1701,7 @@ setup_ipsec() {
|
||||
;;
|
||||
Yes|yes)
|
||||
eval ${zone}_is_ipsec=Yes
|
||||
eval ${zone}_is_complex=Yes
|
||||
;;
|
||||
*)
|
||||
fatal_error "Invalid IPSEC column value: $ipsec"
|
||||
|
@ -21,7 +21,7 @@
|
||||
# option for the SPD level.
|
||||
#
|
||||
# spi=<number> where <number> is the SPI of
|
||||
# the SA.
|
||||
# the SA used to encrypt/decrypt packets.
|
||||
#
|
||||
# proto=ah|esp|ipcomp
|
||||
#
|
||||
|
Loading…
Reference in New Issue
Block a user