X-Git-Url: http://git.ipfire.org/?p=ipfire-2.x.git;a=blobdiff_plain;f=src%2Fmisc-progs%2Fipsecctrl.c;fp=src%2Fmisc-progs%2Fipsecctrl.c;h=9afc409ca96c2792a10f6750143f6b58038dd1f7;hp=204753640a5bea3f42f783d3bcae3f05cad9b82c;hb=a3452c90307aa6fd2b8543c17c15638c2ffda15e;hpb=637eee2607c015947778523be13cce1c1ed938c6

diff --git a/src/misc-progs/ipsecctrl.c b/src/misc-progs/ipsecctrl.c
index 204753640a..9afc409ca9 100644
--- a/src/misc-progs/ipsecctrl.c
+++ b/src/misc-progs/ipsecctrl.c
@@ -63,6 +63,10 @@ void open_physical (char *interface, int nat_traversal_port) {
         safe_system(str);
         sprintf(str, "/sbin/iptables --wait -A IPSECINPUT -p udp -i %s --dport 500 -j ACCEPT", interface);
         safe_system(str);
+        sprintf(str, "/sbin/iptables --wait -D IPSECOUTPUT -p udp -o %s --dport 500 -j ACCEPT >/dev/null 2>&1", interface);
+        safe_system(str);
+        sprintf(str, "/sbin/iptables --wait -A IPSECOUTPUT -p udp -o %s --dport 500 -j ACCEPT", interface);
+        safe_system(str);
 
         if (! nat_traversal_port) 
             return;
@@ -71,6 +75,10 @@ void open_physical (char *interface, int nat_traversal_port) {
         safe_system(str);
         sprintf(str, "/sbin/iptables --wait -A IPSECINPUT -p udp -i %s --dport %i -j ACCEPT", interface, nat_traversal_port);
         safe_system(str);
+        sprintf(str, "/sbin/iptables --wait -D IPSECOUTPUT -p udp -o %s --dport %i -j ACCEPT >/dev/null 2>&1", interface, nat_traversal_port);
+        safe_system(str);
+        sprintf(str, "/sbin/iptables --wait -A IPSECOUTPUT -p udp -o %s --dport %i -j ACCEPT", interface, nat_traversal_port);
+        safe_system(str);
 }
 
 void ipsec_norules() {