char str[STRING_SIZE];
// IKE
- sprintf(str, "/sbin/iptables -D IPSECINPUT -p udp -i %s --dport 500 -j ACCEPT >/dev/null 2>&1", interface);
+ sprintf(str, "/sbin/iptables --wait -D IPSECINPUT -p udp -i %s --dport 500 -j ACCEPT >/dev/null 2>&1", interface);
safe_system(str);
- sprintf(str, "/sbin/iptables -A IPSECINPUT -p udp -i %s --dport 500 -j ACCEPT", interface);
+ sprintf(str, "/sbin/iptables --wait -A IPSECINPUT -p udp -i %s --dport 500 -j ACCEPT", interface);
safe_system(str);
if (! nat_traversal_port)
return;
- sprintf(str, "/sbin/iptables -D IPSECINPUT -p udp -i %s --dport %i -j ACCEPT >/dev/null 2>&1", interface, nat_traversal_port);
+ sprintf(str, "/sbin/iptables --wait -D IPSECINPUT -p udp -i %s --dport %i -j ACCEPT >/dev/null 2>&1", interface, nat_traversal_port);
safe_system(str);
- sprintf(str, "/sbin/iptables -A IPSECINPUT -p udp -i %s --dport %i -j ACCEPT", interface, nat_traversal_port);
+ sprintf(str, "/sbin/iptables --wait -A IPSECINPUT -p udp -i %s --dport %i -j ACCEPT", interface, nat_traversal_port);
safe_system(str);
}
void ipsec_norules() {
/* clear input rules */
- safe_system("/sbin/iptables -F IPSECINPUT");
- safe_system("/sbin/iptables -F IPSECFORWARD");
- safe_system("/sbin/iptables -F IPSECOUTPUT");
+ safe_system("/sbin/iptables --wait -F IPSECINPUT");
+ safe_system("/sbin/iptables --wait -F IPSECFORWARD");
+ safe_system("/sbin/iptables --wait -F IPSECOUTPUT");
}
/*
"/usr/sbin/ipsec down %s >/dev/null", name);
safe_system(command);
+ // Reload the IPsec block chain
+ safe_system("/usr/lib/firewall/ipsec-block >/dev/null");
+
// Reload the configuration into the daemon (#10339).
ipsec_reload();
// Reload, so the connection is dropped.
ipsec_reload();
+
+ // Reload the IPsec block chain
+ safe_system("/usr/lib/firewall/ipsec-block >/dev/null");
}
int main(int argc, char *argv[]) {
// start the system
if ((argc == 2) && strcmp(argv[1], "S") == 0) {
+ safe_system("/usr/lib/firewall/ipsec-block >/dev/null");
safe_system("/usr/sbin/ipsec restart >/dev/null");
exit(0);
}