From mboxrd@z Thu Jan  1 00:00:00 1970
From: Michael Tremer <michael.tremer@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH 1/2] location: Restart IPsec after firewall was restarted
Date: Tue, 28 Jul 2020 17:18:18 +0000
Message-ID: <20200728171819.13597-1-michael.tremer@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============4947359124259342487=="
List-Id: <development.lists.ipfire.org>

--===============4947359124259342487==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit

strongswan creates rules in iptables which are being dropped when
the firewall is being restarted.

Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
---
 src/scripts/convert-to-location | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/scripts/convert-to-location b/src/scripts/convert-to-location
index 9149b854d..428a91d34 100755
--- a/src/scripts/convert-to-location
+++ b/src/scripts/convert-to-location
@@ -47,6 +47,11 @@ if [ -f "$FW_CONF_DIR/geoipblock" ]; then
 
 	# Regenerate firewall chains.
 	/etc/init.d/firewall restart
+
+	# Restart IPsec for dropped iptables rules
+	if grep -q "ENABLED=on" /var/ipfire/vpn/settings; then
+		/etc/init.d/ipsec restart
+	fi
 fi
 
 # Finished.
-- 
2.20.1


--===============4947359124259342487==--