From 912681428b702f2cef1c7abfee2d3b60467b97e5 Mon Sep 17 00:00:00 2001
From: teastep
Date: Fri, 11 Oct 2002 17:19:06 +0000
Subject: [PATCH] Tone down ipsecnat rules a bit
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@294 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 Shorewall/firewall | 10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)
diff --git a/Shorewall/firewall b/Shorewall/firewall
index 323ccb663..d41b5a4f8 100755
--- a/Shorewall/firewall
+++ b/Shorewall/firewall
@@ -1150,21 +1150,17 @@ setup_tunnels() # $1 = name of tunnels file
     run_iptables -A $inchain -p 51 -s $1 -j ACCEPT
     run_iptables -A $outchain -p 51 -d $1 -j ACCEPT
+    run_iptables -A $outchain -p udp -d $1 --dport 500 --sport 500 $options
+
     if [ $2 = ipsec ]; then
         run_iptables -A $inchain -p udp -s $1 --sport 500 --dport 500 $options
-        run_iptables -A $outchain -p udp -d $1 --dport 500 --sport 500 $options
     else
         run_iptables -A $inchain -p udp -s $1 --dport 500 $options
-        run_iptables -A $outchain -p udp -d $1 --sport 500 $options
     fi
     for z in `separate_list $3`; do
         if validate_zone $z; then
-            if [ $2 = ipsec ]; then
-                addrule ${FW}2${z} -p udp --sport 500 --dport 500 $options
-            else
-                addrule ${FW}2${z} -p udp --sport 500 $options
-            fi
+            addrule ${FW}2${z} -p udp --sport 500 --dport 500 $options
         else
             error_message "Warning: Invalid gateway zone ($z)" \
                 " -- Tunnel \"$tunnel\" may encounter keying problems"
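Review bot: The new unconditional `run_iptables -A $outchain ... --dport 500 --sport 500` line now requires destination port 500 for the non-ipsec (ipsecnat) case as well, while the inbound rule in the `else` branch still accepts any source port; if that inbound looseness exists because a NAT in front of the peer rewrites its UDP source port, firewall-originated IKE packets to such a peer would be sent to the rewritten port and no longer match this outbound rule, so it is worth confirming that an earlier ESTABLISHED rule or another ACCEPT covers them. If the tightening is intentional, a comment above the new line such as `# Outbound IKE is always 500->500; only inbound port matching differs for NAT-traversed (ipsecnat) peers` would record the reasoning the commit message does not give. The option order also differs between the new `run_iptables` line (`--dport 500 --sport 500`) and the new `addrule` line (`--sport 500 --dport 500`); using one order keeps the rules easy to grep. setup_tunnels begins before the hunk and its `for` loop continues past it.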