From 9e81a5101f6833e95fe5db78f5226a9f082def64 Mon Sep 17 00:00:00 2001
From: Tom Eastep <teastep@shorewall.net>
Date: Fri, 2 Jul 2010 12:24:58 -0700
Subject: [PATCH] Cleaner fix for ipsec/vserver issue

Signed-off-by: Tom Eastep <teastep@shorewall.net>
---
 Shorewall/Perl/Shorewall/Chains.pm | 12 ++----------
 1 file changed, 2 insertions(+), 10 deletions(-)

diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm
index beefc7965..b07188fec 100644
--- a/Shorewall/Perl/Shorewall/Chains.pm
+++ b/Shorewall/Perl/Shorewall/Chains.pm
@@ -2556,12 +2556,8 @@ sub match_ipsec_in( $$ ) {
     my $zoneref    = find_zone( $zone );
     my $optionsref = $zoneref->{options};
 
-    unless ( $optionsref->{super} ) {
+    unless ( $optionsref->{super} || $zoneref->{type} == VSERVER ) {
 	$match = '-m policy --dir in --pol ';
-	
-	if ( $zoneref->{type} eq 'vserver' ) {
-	    return '';
-	}
 
 	if ( $zoneref->{type} eq 'ipsec' ) {
 	    $match .= "ipsec $optionsref->{in_out}{ipsec}$optionsref->{in}{ipsec}";
@@ -2584,13 +2580,9 @@ sub match_ipsec_out( $$ ) {
     my $zoneref    = find_zone( $zone );
     my $optionsref = $zoneref->{options};
 
-    unless ( $optionsref->{super} ) {
+    unless ( $optionsref->{super} || $zoneref->{type} == VSERVER ) {
 	$match = '-m policy --dir out --pol ';
 
-	if ( $zoneref->{type} eq 'vserver' ) {
-	    return '';
-	}
-
 	if ( $zoneref->{type} eq 'ipsec' ) {
 	    $match .= "ipsec $optionsref->{in_out}{ipsec}$optionsref->{out}{ipsec}";
 	} elsif ( have_ipsec ) {