mirror of
https://gitlab.com/shorewall/code.git
synced 2025-06-23 11:11:32 +02:00
Allow IPSEC options in masq file when there are no ipsec zones or hosts entries
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5129 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
parent
46fa12c98b
commit
f75dc66534
@ -1832,6 +1832,7 @@ do_initialize() {
|
|||||||
COMMENT=
|
COMMENT=
|
||||||
VERSION_FILE=
|
VERSION_FILE=
|
||||||
LOGRULENUMBERS=
|
LOGRULENUMBERS=
|
||||||
|
ORIGINAL_POLICY_MATCH=
|
||||||
TMP_DIR=$(mktempdir)
|
TMP_DIR=$(mktempdir)
|
||||||
|
|
||||||
[ -n "$TMP_DIR" ] && chmod 700 $TMP_DIR || \
|
[ -n "$TMP_DIR" ] && chmod 700 $TMP_DIR || \
|
||||||
@ -1902,6 +1903,8 @@ do_initialize() {
|
|||||||
[ -f $f ] && . $f || startup_error "The -e flag requires a capabilities file"
|
[ -f $f ] && . $f || startup_error "The -e flag requires a capabilities file"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
ORIGINAL_POLICY_MATCH=$POLICY_MATCH
|
||||||
|
|
||||||
ADD_IP_ALIASES="$(added_param_value_yes ADD_IP_ALIASES $ADD_IP_ALIASES)"
|
ADD_IP_ALIASES="$(added_param_value_yes ADD_IP_ALIASES $ADD_IP_ALIASES)"
|
||||||
|
|
||||||
if [ -n "${LOGRATE}${LOGBURST}" ]; then
|
if [ -n "${LOGRATE}${LOGBURST}" ]; then
|
||||||
|
@ -35,6 +35,8 @@ setup_masq()
|
|||||||
|
|
||||||
do_ipsec_options() {
|
do_ipsec_options() {
|
||||||
local options="$(separate_list $ipsec)" option
|
local options="$(separate_list $ipsec)" option
|
||||||
|
[ -n "$ORIGINAL_POLICY_MATCH" ] || \
|
||||||
|
fatal_error "IPSEC options requires policy match support in your kernel and iptables"
|
||||||
policy="-m policy --pol ipsec --dir out"
|
policy="-m policy --pol ipsec --dir out"
|
||||||
|
|
||||||
for option in $options; do
|
for option in $options; do
|
||||||
@ -66,12 +68,12 @@ setup_masq()
|
|||||||
|
|
||||||
case $ipsec in
|
case $ipsec in
|
||||||
Yes|yes)
|
Yes|yes)
|
||||||
[ -n "$POLICY_MATCH" ] || \
|
[ -n "$ORIGINAL_POLICY_MATCH" ] || \
|
||||||
fatal_error "IPSEC=Yes requires policy match support in your kernel and iptables"
|
fatal_error "IPSEC=Yes requires policy match support in your kernel and iptables"
|
||||||
policy="-m policy --pol ipsec --dir out"
|
policy="-m policy --pol ipsec --dir out"
|
||||||
;;
|
;;
|
||||||
No|no)
|
No|no)
|
||||||
[ -n "$POLICY_MATCH" ] || \
|
[ -n "$ORIGINAL_POLICY_MATCH" ] || \
|
||||||
fatal_error "IPSEC=No requires policy match support in your kernel and iptables"
|
fatal_error "IPSEC=No requires policy match support in your kernel and iptables"
|
||||||
policy="-m policy --pol none --dir out"
|
policy="-m policy --pol none --dir out"
|
||||||
;;
|
;;
|
||||||
|
Loading…
x
Reference in New Issue
Block a user