author | Bill Nottingham <notting@redhat.com> | 2005-01-19 19:28:01 +0000 |
---|---|---|
committer | Bill Nottingham <notting@redhat.com> | 2005-01-19 19:28:01 +0000 |
commit | 0cf24802f081786e1f40030f1ee6e79b3818bccc (patch) | |
tree | 7188985b754dbc266b35e5bfc4204591527f98a8 /sysconfig | |
parent | 058dd2930c0288c4563c70570d8e166611530982 (diff) | |
add fwd policies (#145507)
Diffstat (limited to 'sysconfig')
-rwxr-xr-x | sysconfig/network-scripts/ifup-ipsec | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/sysconfig/network-scripts/ifup-ipsec b/sysconfig/network-scripts/ifup-ipsec index 4751b5cc..5c836162 100755 --- a/sysconfig/network-scripts/ifup-ipsec +++ b/sysconfig/network-scripts/ifup-ipsec @@ -146,6 +146,7 @@ delete $SRC $DST esp $SPI_ESP_OUT; delete $DST $SRC esp $SPI_ESP_IN; spddelete $SRCNET $DSTNET any -P out; spddelete $DSTNET $SRCNET any -P in; +spddelete $DSTNET $SRCNET any -P fwd; # ESP ${KEY_ESP_IN:+add $DST $SRC esp $SPI_ESP_IN -m tunnel -E ${ESP_PROTO_IN:-$ESP_PROTO} $(echo '"')$KEY_ESP_IN$(echo '"');} @@ -164,6 +165,11 @@ spdadd $DSTNET $SRCNET any -P in ipsec ${KEY_ESP_IN:+esp/tunnel/$DST-$SRC/require} ${KEY_AH_IN:+ah/tunnel/$DST-$SRC/require} ; + +spdadd $DSTNET $SRCNET any -P fwd ipsec + ${KEY_ESP_IN:+esp/tunnel/$DST-$SRC/require} + ${KEY_AH_IN:+ah/tunnel/$DST-$SRC/require} + ; EOF fi fi @@ -196,6 +202,7 @@ EOF /sbin/setkey -c >/dev/null 2>&1 << EOF spddelete $SRCNET $DSTNET any -P out; spddelete $DSTNET $SRCNET any -P in; +spddelete $DSTNET $SRCNET any -P fwd; spdadd $SRCNET $DSTNET any -P out ipsec esp/tunnel/$SRC-$DST/require @@ -206,6 +213,11 @@ spdadd $DSTNET $SRCNET any -P in ipsec esp/tunnel/$DST-$SRC/require ah/tunnel/$DST-$SRC/require ; + +spdadd $DSTNET $SRCNET any -P fwd ipsec + esp/tunnel/$DST-$SRC/require + ah/tunnel/$DST-$SRC/require + ; EOF fi if [ "$IKE_METHOD" = "PSK" ]; then |
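Review bot: The teardown path is not updated alongside the new `fwd` entries: the diffstat lists only ifup-ipsec, while the second and fourth hunks now install a third policy per tunnel. Unless ifdown-ipsec flushes the SPD (it is not visible on this page), it probably needs a matching `spddelete $DSTNET $SRCNET any -P fwd;` next to its existing in/out deletes; otherwise a `require` forward policy may outlive the interface and keep dropping forwarded traffic from $DSTNET after the tunnel is gone. The `spddelete` lines added in the first and third hunks only cover re-running ifup. The enclosing heredocs start outside the hunks.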
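Review bot: A failed `spdadd ... -P fwd` goes unnoticed in the third and fourth hunks, because the heredoc is fed to `/sbin/setkey -c >/dev/null 2>&1` and no exit-status check is visible there. The redirect presumably exists to hide the expected error from `spddelete` on a first run, but it equally hides a setkey that rejects the `fwd` direction, so ifup can report success while the forward path lacks the intended tunnel requirement. Consider documenting the intent above each new block, e.g. `# fwd: packets forwarded from $DSTNET must have arrived through the tunnel`, and confirming afterwards that the entry appears in `/sbin/setkey -DP` output, logging when it is absent. In the second hunk the new entry also inherits the existing pattern where both `${KEY_ESP_IN:+...}` and `${KEY_AH_IN:+...}` can expand to nothing, which would leave `ipsec` without a rule; whether earlier validation prevents that is outside the hunk.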