Allow IPSEC options in masq file when there are no ipsec zones or hosts entries

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5129 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2006-12-18 18:44:48 +00:00
parent 46fa12c98b
commit f75dc66534
2 changed files with 7 additions and 2 deletions

View File

@ -1832,6 +1832,7 @@ do_initialize() {
COMMENT= COMMENT=
VERSION_FILE= VERSION_FILE=
LOGRULENUMBERS= LOGRULENUMBERS=
ORIGINAL_POLICY_MATCH=
TMP_DIR=$(mktempdir) TMP_DIR=$(mktempdir)
[ -n "$TMP_DIR" ] && chmod 700 $TMP_DIR || \ [ -n "$TMP_DIR" ] && chmod 700 $TMP_DIR || \
@ -1902,6 +1903,8 @@ do_initialize() {
[ -f $f ] && . $f || startup_error "The -e flag requires a capabilities file" [ -f $f ] && . $f || startup_error "The -e flag requires a capabilities file"
fi fi
ORIGINAL_POLICY_MATCH=$POLICY_MATCH
ADD_IP_ALIASES="$(added_param_value_yes ADD_IP_ALIASES $ADD_IP_ALIASES)" ADD_IP_ALIASES="$(added_param_value_yes ADD_IP_ALIASES $ADD_IP_ALIASES)"
if [ -n "${LOGRATE}${LOGBURST}" ]; then if [ -n "${LOGRATE}${LOGBURST}" ]; then

View File

@ -35,6 +35,8 @@ setup_masq()
do_ipsec_options() { do_ipsec_options() {
local options="$(separate_list $ipsec)" option local options="$(separate_list $ipsec)" option
[ -n "$ORIGINAL_POLICY_MATCH" ] || \
fatal_error "IPSEC options requires policy match support in your kernel and iptables"
policy="-m policy --pol ipsec --dir out" policy="-m policy --pol ipsec --dir out"
for option in $options; do for option in $options; do
@ -66,12 +68,12 @@ setup_masq()
case $ipsec in case $ipsec in
Yes|yes) Yes|yes)
[ -n "$POLICY_MATCH" ] || \ [ -n "$ORIGINAL_POLICY_MATCH" ] || \
fatal_error "IPSEC=Yes requires policy match support in your kernel and iptables" fatal_error "IPSEC=Yes requires policy match support in your kernel and iptables"
policy="-m policy --pol ipsec --dir out" policy="-m policy --pol ipsec --dir out"
;; ;;
No|no) No|no)
[ -n "$POLICY_MATCH" ] || \ [ -n "$ORIGINAL_POLICY_MATCH" ] || \
fatal_error "IPSEC=No requires policy match support in your kernel and iptables" fatal_error "IPSEC=No requires policy match support in your kernel and iptables"
policy="-m policy --pol none --dir out" policy="-m policy --pol none --dir out"
;; ;;