More IPSEC tweaks

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1555 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2004-08-19 15:21:32 +00:00
parent 16487eb51a
commit f5d4acc57b
2 changed files with 9 additions and 2 deletions

View File

@ -1680,7 +1680,11 @@ setup_ipsec() {
;;
esac
done
eval ${zone}_ipsec_options=\"${newoptions# }\"
if [ -n "$newoptions" ]; then
eval ${zone}_is_complex=Yes
eval ${zone}_ipsec_options=\"${newoptions# }\"
fi
}
strip_file ipsec $1
@ -1688,6 +1692,8 @@ setup_ipsec() {
while read zone ipsec options; do
expandv zone ipsec options
[ -n "$POLICY_MATCH" ] || fatal_error "Your kernel and/or iptables does not support policy match"
validate_zone1 $zone || fatal_error "Unknown zone: $zone"
case $ipsec in
@ -1695,6 +1701,7 @@ setup_ipsec() {
;;
Yes|yes)
eval ${zone}_is_ipsec=Yes
eval ${zone}_is_complex=Yes
;;
*)
fatal_error "Invalid IPSEC column value: $ipsec"

View File

@ -21,7 +21,7 @@
# option for the SPD level.
#
# spi=<number> where <number> is the SPI of
# the SA.
# the SA used to encrypt/decrypt packets.
#
# proto=ah|esp|ipcomp
#