This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, master has been updated via 1f324fd71d0dac2e538466ec851a32689df2d896 (commit) from 798023e9a64fb7689be2af50682f57938233ac77 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit 1f324fd71d0dac2e538466ec851a32689df2d896 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Thu Jun 24 23:35:40 2010 +0200
ipsecctrl: remove fw-rules clear because strongswan try to do this also.
-----------------------------------------------------------------------
Summary of changes: src/misc-progs/ipsecctrl.c | 13 ++++++------- 1 files changed, 6 insertions(+), 7 deletions(-)
Difference in files: diff --git a/src/misc-progs/ipsecctrl.c b/src/misc-progs/ipsecctrl.c index ea3eda9..085feab 100644 --- a/src/misc-progs/ipsecctrl.c +++ b/src/misc-progs/ipsecctrl.c @@ -58,12 +58,17 @@ void open_physical (char *interface, int nat_traversal_port) { // sprintf(str, "/sbin/iptables -A " phystable " -p 51 -i %s -j ACCEPT", interface); // safe_system(str); // IKE + + sprintf(str, "/sbin/iptables -D IPSECINPUT -p udp -i %s --sport 500 --dport 500 -j ACCEPT >/dev/null 2>&1", interface); + safe_system(str); sprintf(str, "/sbin/iptables -A IPSECINPUT -p udp -i %s --sport 500 --dport 500 -j ACCEPT", interface); safe_system(str);
if (! nat_traversal_port) return;
+ sprintf(str, "/sbin/iptables -D IPSECINPUT -p udp -i %s --dport %i -j ACCEPT >/dev/null 2>&1", interface, nat_traversal_port); + safe_system(str); sprintf(str, "/sbin/iptables -A IPSECINPUT -p udp -i %s --dport %i -j ACCEPT", interface, nat_traversal_port); safe_system(str); } @@ -200,21 +205,18 @@ int main(int argc, char *argv[]) { /* handle operations that doesn't need start the ipsec system */ if (argc == 2) { if (strcmp(argv[1], "D") == 0) { - ipsec_norules(); /* Only shutdown pluto if it really is running */ /* Get pluto pid */ if (file = fopen("/var/run/pluto.pid", "r")) { safe_system("/etc/rc.d/init.d/ipsec stop 2> /dev/null >/dev/null"); close(file); } + ipsec_norules(); exit(0); }
}
- /* clear iptables vpn rules */ - ipsec_norules(); - /* read vpn config */ kv=initkeyvalues(); if (!readkeyvalues(kv, CONFIG_ROOT "/vpn/settings")) @@ -348,7 +350,6 @@ int main(int argc, char *argv[]) { // it is a selective start or stop // second param is only a number 'key' if ((argc == 2) || strspn(argv[2], NUMBERS) != strlen(argv[2])) { - ipsec_norules(); fprintf(stderr, "Bad arg\n"); usage(); exit(1); @@ -356,7 +357,6 @@ int main(int argc, char *argv[]) {
// search the vpn pointed by 'key' if (!(file = fopen(CONFIG_ROOT "/vpn/config", "r"))) { - ipsec_norules(); fprintf(stderr, "Couldn't open vpn settings file"); exit(1); } @@ -386,7 +386,6 @@ int main(int argc, char *argv[]) { if (strcmp(argv[1], "D") == 0) turn_connection_off (name); else { - ipsec_norules(); fprintf(stderr, "Bad command\n"); exit(1); }
hooks/post-receive -- IPFire 2.x development tree