diff options
| author | Bill Nottingham <notting@redhat.com> | 2005-03-11 21:12:29 +0000 |
|---|---|---|
| committer | Bill Nottingham <notting@redhat.com> | 2005-03-11 21:12:29 +0000 |
| commit | 20822ca4d51c7b150e9a7cc6da446664fe4f957f (patch) | |
| tree | c59e0f468174c5fc931982529918bcc0d5097911 /sysconfig/network-scripts | |
| parent | 417d5a423ce7c27e830c64a75f086ca40490bac1 (diff) | |
| download | initscripts-20822ca4d51c7b150e9a7cc6da446664fe4f957f.tar initscripts-20822ca4d51c7b150e9a7cc6da446664fe4f957f.tar.gz initscripts-20822ca4d51c7b150e9a7cc6da446664fe4f957f.tar.bz2 initscripts-20822ca4d51c7b150e9a7cc6da446664fe4f957f.tar.xz initscripts-20822ca4d51c7b150e9a7cc6da446664fe4f957f.zip | |
don't do fwd policies explicitly; let setkey handle it
Diffstat (limited to 'sysconfig/network-scripts')
| -rwxr-xr-x | sysconfig/network-scripts/ifdown-ipsec | 2 | ||||
| -rwxr-xr-x | sysconfig/network-scripts/ifup-ipsec | 12 |
2 files changed, 0 insertions, 14 deletions
diff --git a/sysconfig/network-scripts/ifdown-ipsec b/sysconfig/network-scripts/ifdown-ipsec index 37785642..cbc8e2df 100755 --- a/sysconfig/network-scripts/ifdown-ipsec +++ b/sysconfig/network-scripts/ifdown-ipsec @@ -57,7 +57,6 @@ if [ "$MODE" = "host" ]; then setkey -c << EOF spddelete $SRC $DST any -P out; spddelete $DST $SRC any -P in; - spddelete $DST $SRC any -P fwd; EOF else [ -z "$SRCNET" ] && SRCNET="$SRC/32" @@ -68,7 +67,6 @@ else /sbin/setkey -c >/dev/null 2>&1 << EOF spddelete $SRCNET $DSTNET any -P out; spddelete $DSTNET $SRCNET any -P in; - spddelete $DSTNET $SRCNET any -P fwd; EOF fi diff --git a/sysconfig/network-scripts/ifup-ipsec b/sysconfig/network-scripts/ifup-ipsec index 5c836162..4751b5cc 100755 --- a/sysconfig/network-scripts/ifup-ipsec +++ b/sysconfig/network-scripts/ifup-ipsec @@ -146,7 +146,6 @@ delete $SRC $DST esp $SPI_ESP_OUT; delete $DST $SRC esp $SPI_ESP_IN; spddelete $SRCNET $DSTNET any -P out; spddelete $DSTNET $SRCNET any -P in; -spddelete $DSTNET $SRCNET any -P fwd; # ESP ${KEY_ESP_IN:+add $DST $SRC esp $SPI_ESP_IN -m tunnel -E ${ESP_PROTO_IN:-$ESP_PROTO} $(echo '"')$KEY_ESP_IN$(echo '"');} @@ -165,11 +164,6 @@ spdadd $DSTNET $SRCNET any -P in ipsec ${KEY_ESP_IN:+esp/tunnel/$DST-$SRC/require} ${KEY_AH_IN:+ah/tunnel/$DST-$SRC/require} ; - -spdadd $DSTNET $SRCNET any -P fwd ipsec - ${KEY_ESP_IN:+esp/tunnel/$DST-$SRC/require} - ${KEY_AH_IN:+ah/tunnel/$DST-$SRC/require} - ; EOF fi fi @@ -202,7 +196,6 @@ EOF /sbin/setkey -c >/dev/null 2>&1 << EOF spddelete $SRCNET $DSTNET any -P out; spddelete $DSTNET $SRCNET any -P in; -spddelete $DSTNET $SRCNET any -P fwd; spdadd $SRCNET $DSTNET any -P out ipsec esp/tunnel/$SRC-$DST/require @@ -213,11 +206,6 @@ spdadd $DSTNET $SRCNET any -P in ipsec esp/tunnel/$DST-$SRC/require ah/tunnel/$DST-$SRC/require ; - -spdadd $DSTNET $SRCNET any -P fwd ipsec - esp/tunnel/$DST-$SRC/require - ah/tunnel/$DST-$SRC/require - ; EOF fi if [ "$IKE_METHOD" = "PSK" ]; then |