forked from extern/shorewall_code
Fix nested IPSEC zones
This commit is contained in:
parent
608d7b11da
commit
383f3e8bcf
@ -1694,7 +1694,7 @@ sub generate_matrix() {
|
||||
add_jump(
|
||||
$sourcechainref,
|
||||
source_exclusion( $hostref->{exclusions}, $frwd_ref ),
|
||||
1,
|
||||
! @{$zoneref->{parents}},
|
||||
join( '', $interfacematch , match_source_net( $net ), $ipsec_match )
|
||||
);
|
||||
}
|
||||
|
@ -16,6 +16,8 @@ Changes in Shorewall 4.4.1
|
||||
|
||||
8) Fix log level in rules at the end of INPUT and OUTPUT chains.
|
||||
|
||||
9) Fix nested ipsec zones.
|
||||
|
||||
Changes in Shorewall 4.4.0
|
||||
|
||||
1) Fix 'compile ... -' so that it no longer requires '-v-1'
|
||||
|
@ -173,6 +173,8 @@ Shorewall 4.4.1
|
||||
rules at the end of the INPUT and OUTPUT chains would still use the
|
||||
LOG target rather than ULOG.
|
||||
|
||||
2) Using CONTINUE policies with a nested IPSEC zone was broken.
|
||||
|
||||
----------------------------------------------------------------------------
|
||||
K N O W N P R O B L E M S R E M A I N I N G
|
||||
----------------------------------------------------------------------------
|
||||
|
Loading…
Reference in New Issue
Block a user