From 6b78527ef407b08b4e2c26f0709375b366e66283 Mon Sep 17 00:00:00 2001
From: Bill Nottingham
Date: Wed, 2 Jul 2003 22:37:43 +0000
Subject: add ifdown-ipsec
---
sysconfig/network-scripts/ifdown-ipsec | 29 +++++++++++++++++++++++++++++
1 file changed, 29 insertions(+)
create mode 100755 sysconfig/network-scripts/ifdown-ipsec
(limited to 'sysconfig/network-scripts/ifdown-ipsec')
diff --git a/sysconfig/network-scripts/ifdown-ipsec b/sysconfig/network-scripts/ifdown-ipsec
new file mode 100755
index 00000000..d5f8ec50
--- /dev/null
+++ b/sysconfig/network-scripts/ifdown-ipsec
@@ -0,0 +1,29 @@
+#!/bin/bash
+PATH=/sbin:/usr/sbin/:/bin:/usr/bin
+
+cd /etc/sysconfig/network-scripts
+. network-functions
+
+CONFIG=$1
+[ -f "${CONFIG}" ] || CONFIG=ifcfg-${1}
+source_config
+
+if [ -z "$SRC" ]; then
+ SRC=`ip -o route get to $DST | sed "s|.*src \([^ ]*\).*|\1|"`
+fi
+
+if [ "$KEYING" = "manual" ]; then
+ setkey -c << EOF
+delete $SRC $DST ah $SPI_AH_OUT;
+delete $DST $SRC ah $SPI_AH_IN;
+delete $SRC $DST esp $SPI_ESP_OUT;
+delete $DST $SRC esp $SPI_ESP_IN;
+EOF
+fi
+
+setkey -c << EOF
+spddelete $SRC $DST any -P out;
+spddelete $DST $SRC any -P in;
+EOF
+
+/etc/sysconfig/network-scripts/ifdown-post $CONFIG
-- cgit v1.2.1
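Review bot: The SRC fallback in the `if [ -z "$SRC" ]` block can hand setkey an empty or wrong address: `$DST` is unquoted and never checked, and `sed "s|…|"` without `-n`/`p` prints a line that has no `src` field unchanged, so a failed lookup puts either nothing or the whole route text into both heredocs. setkey's exit status is not checked either, so the SPD entries and the manual SAs may stay installed in the kernel while the script carries on to ifdown-post as if teardown had worked. I would write the lookup as `SRC=$(ip -o route get to "$DST" | sed -n 's|.*src \([^ ]*\).*|\1|p')` and run the setkey calls only when `[ -n "$SRC" ] && [ -n "$DST" ]` holds, printing an error to stderr otherwise. The last line should also quote its argument: `/etc/sysconfig/network-scripts/ifdown-post "$CONFIG"`.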