aboutsummaryrefslogtreecommitdiffstats
path: root/sysconfig
diff options
context:
space:
mode:
authorBill Nottingham <notting@redhat.com>2005-01-19 19:28:01 +0000
committerBill Nottingham <notting@redhat.com>2005-01-19 19:28:01 +0000
commit0cf24802f081786e1f40030f1ee6e79b3818bccc (patch)
tree7188985b754dbc266b35e5bfc4204591527f98a8 /sysconfig
parent058dd2930c0288c4563c70570d8e166611530982 (diff)
downloadinitscripts-0cf24802f081786e1f40030f1ee6e79b3818bccc.tar
initscripts-0cf24802f081786e1f40030f1ee6e79b3818bccc.tar.gz
initscripts-0cf24802f081786e1f40030f1ee6e79b3818bccc.tar.bz2
initscripts-0cf24802f081786e1f40030f1ee6e79b3818bccc.tar.xz
initscripts-0cf24802f081786e1f40030f1ee6e79b3818bccc.zip
add fwd policies (#145507)
Diffstat (limited to 'sysconfig')
-rwxr-xr-xsysconfig/network-scripts/ifup-ipsec12
1 files changed, 12 insertions, 0 deletions
diff --git a/sysconfig/network-scripts/ifup-ipsec b/sysconfig/network-scripts/ifup-ipsec
index 4751b5cc..5c836162 100755
--- a/sysconfig/network-scripts/ifup-ipsec
+++ b/sysconfig/network-scripts/ifup-ipsec
@@ -146,6 +146,7 @@ delete $SRC $DST esp $SPI_ESP_OUT;
delete $DST $SRC esp $SPI_ESP_IN;
spddelete $SRCNET $DSTNET any -P out;
spddelete $DSTNET $SRCNET any -P in;
+spddelete $DSTNET $SRCNET any -P fwd;
# ESP
${KEY_ESP_IN:+add $DST $SRC esp $SPI_ESP_IN -m tunnel -E ${ESP_PROTO_IN:-$ESP_PROTO} $(echo '"')$KEY_ESP_IN$(echo '"');}
@@ -164,6 +165,11 @@ spdadd $DSTNET $SRCNET any -P in ipsec
${KEY_ESP_IN:+esp/tunnel/$DST-$SRC/require}
${KEY_AH_IN:+ah/tunnel/$DST-$SRC/require}
;
+
+spdadd $DSTNET $SRCNET any -P fwd ipsec
+ ${KEY_ESP_IN:+esp/tunnel/$DST-$SRC/require}
+ ${KEY_AH_IN:+ah/tunnel/$DST-$SRC/require}
+ ;
EOF
fi
fi
@@ -196,6 +202,7 @@ EOF
/sbin/setkey -c >/dev/null 2>&1 << EOF
spddelete $SRCNET $DSTNET any -P out;
spddelete $DSTNET $SRCNET any -P in;
+spddelete $DSTNET $SRCNET any -P fwd;
spdadd $SRCNET $DSTNET any -P out ipsec
esp/tunnel/$SRC-$DST/require
@@ -206,6 +213,11 @@ spdadd $DSTNET $SRCNET any -P in ipsec
esp/tunnel/$DST-$SRC/require
ah/tunnel/$DST-$SRC/require
;
+
+spdadd $DSTNET $SRCNET any -P fwd ipsec
+ esp/tunnel/$DST-$SRC/require
+ ah/tunnel/$DST-$SRC/require
+ ;
EOF
fi
if [ "$IKE_METHOD" = "PSK" ]; then