From 4f6790a7e48c1c5bf52ad53c060ef6f3274bd5a1 Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed, 5 Apr 2017 10:33:49 +0100
Subject: [PATCH] ipsecctrl: Reload IPsec block rules after connection is
 deleted

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 src/misc-progs/ipsecctrl.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/misc-progs/ipsecctrl.c b/src/misc-progs/ipsecctrl.c
index 7499e94c9a..204753640a 100644
--- a/src/misc-progs/ipsecctrl.c
+++ b/src/misc-progs/ipsecctrl.c
@@ -173,6 +173,9 @@ void turn_connection_off (char *name) {
 
 	// Reload, so the connection is dropped.
 	ipsec_reload();
+
+	// Reload the IPsec block chain
+	safe_system("/usr/lib/firewall/ipsec-block >/dev/null");
 }
 
 int main(int argc, char *argv[]) {
-- 
2.39.5