From: Arne Fitzenreiter <arne_f@ipfire.org>
Date: Mon, 4 Jul 2011 21:09:05 +0000 (+0200)
Subject: ipsec: fix ike firewall rule to support nat traversal.
X-Git-Tag: v2.9-core53~75^2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=85cbc0a08f8f0125602244b91beb1b8e45a36e3f;p=ipfire-2.x.git

ipsec: fix ike firewall rule to support nat traversal.
---

diff --git a/src/misc-progs/ipsecctrl.c b/src/misc-progs/ipsecctrl.c
index c500e582ea..a018289f6f 100644
--- a/src/misc-progs/ipsecctrl.c
+++ b/src/misc-progs/ipsecctrl.c
@@ -59,9 +59,9 @@ void open_physical (char *interface, int nat_traversal_port) {
 //        safe_system(str);
         // IKE
 
-        sprintf(str, "/sbin/iptables -D IPSECINPUT -p udp -i %s --sport 500 --dport 500 -j ACCEPT >/dev/null 2>&1", interface);
+        sprintf(str, "/sbin/iptables -D IPSECINPUT -p udp -i %s --dport 500 -j ACCEPT >/dev/null 2>&1", interface);
         safe_system(str);
-        sprintf(str, "/sbin/iptables -A IPSECINPUT -p udp -i %s --sport 500 --dport 500 -j ACCEPT", interface);
+        sprintf(str, "/sbin/iptables -A IPSECINPUT -p udp -i %s --dport 500 -j ACCEPT", interface);
         safe_system(str);
 
         if (! nat_traversal_port)