From f5d4acc57b09437a0c0ab134e43701ba608cbf47 Mon Sep 17 00:00:00 2001 From: teastep Date: Thu, 19 Aug 2004 15:21:32 +0000 Subject: [PATCH] More IPSEC tweaks git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1555 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- Shorewall2/firewall | 9 ++++++++- Shorewall2/ipsec | 2 +- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/Shorewall2/firewall b/Shorewall2/firewall index b6b100fc2..fa643b70b 100755 --- a/Shorewall2/firewall +++ b/Shorewall2/firewall @@ -1680,7 +1680,11 @@ setup_ipsec() { ;; esac done - eval ${zone}_ipsec_options=\"${newoptions# }\" + + if [ -n "$newoptions" ]; then + eval ${zone}_is_complex=Yes + eval ${zone}_ipsec_options=\"${newoptions# }\" + fi } strip_file ipsec $1 @@ -1688,6 +1692,8 @@ setup_ipsec() { while read zone ipsec options; do expandv zone ipsec options + [ -n "$POLICY_MATCH" ] || fatal_error "Your kernel and/or iptables does not support policy match" + validate_zone1 $zone || fatal_error "Unknown zone: $zone" case $ipsec in @@ -1695,6 +1701,7 @@ setup_ipsec() { ;; Yes|yes) eval ${zone}_is_ipsec=Yes + eval ${zone}_is_complex=Yes ;; *) fatal_error "Invalid IPSEC column value: $ipsec" diff --git a/Shorewall2/ipsec b/Shorewall2/ipsec index 2b290e91f..9413de096 100644 --- a/Shorewall2/ipsec +++ b/Shorewall2/ipsec @@ -21,7 +21,7 @@ # option for the SPD level. # # spi= where is the SPI of -# the SA. +# the SA used to encrypt/decrypt packets. # # proto=ah|esp|ipcomp #
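Review bot: In the new `if [ -n "$newoptions" ]` block, `eval ${zone}_ipsec_options=\"${newoptions# }\"` expands `newoptions` before `eval` runs, so the option text is parsed a second time as shell source. Any `"`, `$` or backquote reaching it from the ipsec file would be interpreted rather than stored. Whether the `case` arms above already restrict that text cannot be seen here, because the helper starts outside the hunk. Deferring the expansion keeps the value as data: `eval ${zone}_ipsec_options=\"\${newoptions# }\"`. Separately, the guard means the variable is no longer reset when `newoptions` is empty, so an earlier value for the same zone would survive unless an `else` arm clears it.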
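Review bot: The `POLICY_MATCH` test in the second firewall hunk sits inside the `while read zone ipsec options` loop, so it runs for every row, and its message does not say that the ipsec file triggered it. The placement looks deliberate, since an empty file then does not demand policy match support; if so, a comment would record that, e.g. `# Only require policy match when the ipsec file has at least one entry`. The message could name its source: `fatal_error "Your kernel and/or iptables does not support policy match (required by the ipsec file)"`. Failing closed here is the right behaviour. The loop body continues outside the hunk.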
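Review bot: `${zone}_is_complex` is set in the `Yes|yes` arm of the third firewall hunk and again in the first hunk whenever options are present, but neither place says what "complex" means or how it differs from `${zone}_is_ipsec`. A short comment at this assignment would help, e.g. `# mark the zone complex: it has an IPSEC policy or options (read by <consumer of _is_complex>)`. The author would need to confirm the wording, because the code that reads the flag is outside this diff. By this point `$zone` has passed `validate_zone1`, as the second hunk shows, so this `eval` acts on a known zone name.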