From 0d08190bd1909940678677a0dde00c42761d7f4c Mon Sep 17 00:00:00 2001 From: Bill Nottingham Date: Thu, 11 Sep 2003 16:05:01 +0000 Subject: more ipsec fixes (#104227, ) --- sysconfig/network-scripts/ifdown-ipsec | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) (limited to 'sysconfig/network-scripts/ifdown-ipsec') diff --git a/sysconfig/network-scripts/ifdown-ipsec b/sysconfig/network-scripts/ifdown-ipsec index 60480cdb..37e5f76f 100755 --- a/sysconfig/network-scripts/ifdown-ipsec +++ b/sysconfig/network-scripts/ifdown-ipsec @@ -47,10 +47,21 @@ delete $DST $SRC esp $SPI_ESP_IN; EOF fi -setkey -c << EOF -spddelete $SRC $DST any -P out; -spddelete $DST $SRC any -P in; +if [ "$MODE" = "host" ]; then + setkey -c << EOF + spddelete $SRC $DST any -P out; + spddelete $DST $SRC any -P in; EOF +else + [ -z "$SRCNET" ] && SRCNET="$SRC/32" + [ -z "$DSTNET" ] && DSTNET="$DST/32" + + /sbin/setkey -c >/dev/null 2>&1 << EOF + spddelete $SRCNET $DSTNET any -P out; + spddelete $DSTNET $SRCNET any -P in; +EOF +fi + if [ "$KEYING" = "automatic" ]; then racoontmp=`mktemp /etc/racoon/racoon.XXXXXX` -- cgit v1.2.1