From dafae2f75cbf330000e94e4335c886a669eb62fd Mon Sep 17 00:00:00 2001
From: Alexander Marx
Date: Mon, 5 Aug 2013 09:20:16 +0200
Subject: [PATCH] Forward Firewall: deleted outgoingfwmac from firewall script (not used in new firewall)
---
lfs/strongswan.save | 114 ++++++++++++++++++++++++++++++++
src/initscripts/init.d/firewall | 3 -
2 files changed, 114 insertions(+), 3 deletions(-)
create mode 100644 lfs/strongswan.save
diff --git a/lfs/strongswan.save b/lfs/strongswan.save
new file mode 100644
index 0000000000..797e512fe2
--- /dev/null
+++ b/lfs/strongswan.save
@@ -0,0 +1,114 @@
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2007-2013 IPFire Team #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see . #
+# #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER = 5.1.0
+
+THISAPP = strongswan-$(VER)
+DL_FILE = $(THISAPP).tar.bz2
+DL_FROM = $(URL_IPFIRE)
+DIR_APP = $(DIR_SRC)/strongswan-$(VER)
+TARGET = $(DIR_INFO)/$(THISAPP)
+
+ifeq "$(MACHINE)" "i586"
+ PADLOCK = --enable-padlock
+else
+ PADLOCK = --disable-padlock
+endif
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_MD5 = c1cd0a3ba9960f590cae28c8470800e8
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+md5 : $(subst %,%_MD5,$(objects))
+
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+ @$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+ @$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+ @$(MD5)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+ @$(PREBUILD)
+ @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
+
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/strongswan-5.0.2_ipfire.patch
+
+ cd $(DIR_APP) && ./configure \
+ --prefix="/usr" \
+ --sysconfdir="/etc" \
+ --enable-curl \
+ --enable-openssl \
+ --enable-xauth-eap \
+ --enable-eap-radius \
+ --enable-eap-tls \
+ --enable-eap-ttls \
+ --enable-eap-peap \
+ --enable-eap-mschapv2 \
+ --enable-eap-identity \
+ $(PADLOCK)
+
+ cd $(DIR_APP) && make $(MAKETUNING) LDFLAGS="-lrt"
+ cd $(DIR_APP) && make install
+
+ # Remove all library files we don't want or need.
+ rm -vf /usr/lib/ipsec/plugins/*.{,l}a
+
+ -rm -rfv /etc/rc*.d/*ipsec
+ cd $(DIR_SRC) && cp src/initscripts/init.d/ipsec /etc/rc.d/init.d/ipsec
+ rm -f /etc/ipsec.conf /etc/ipsec.secrets
+ ln -sf $(CONFIG_ROOT)/vpn/ipsec.conf /etc/ipsec.conf
+ ln -sf $(CONFIG_ROOT)/vpn/ipsec.secrets /etc/ipsec.secrets
+
+ rm -rf /etc/ipsec.d/{cacerts,certs,crls}
+ ln -sf $(CONFIG_ROOT)/ca /etc/ipsec.d/cacerts
+ ln -sf $(CONFIG_ROOT)/certs /etc/ipsec.d/certs
+ ln -sf $(CONFIG_ROOT)/crls /etc/ipsec.d/crls
+
+ @rm -rf $(DIR_APP)
+ @$(POSTBUILD)
diff --git a/src/initscripts/init.d/firewall b/src/initscripts/init.d/firewall
index 5b89e3d7cd..92a3615bc9 100644
--- a/src/initscripts/init.d/firewall
+++ b/src/initscripts/init.d/firewall
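Review bot: `lfs/strongswan.save` is unrelated to the stated change (removing OUTGOINGFWMAC from the firewall script), and the `.save` suffix suggests a working copy committed by accident; it should be dropped from this commit or landed separately with its own description. If it is meant to be used, the source tarball for the VPN daemon is verified only against `$(DL_FILE)_MD5 = c1cd0a3ba9960f590cae28c8470800e8`, which is weak integrity protection for a download that is then built and installed as root. The patch step also applies `strongswan-5.0.2_ipfire.patch` to 5.1.0 sources with `patch -Np1`, so the version mismatch deserves a rebased patch or at least a comment such as `# 5.0.2 patch still applies cleanly to 5.1.0`. Whether the build system ever picks up `.save` files is not visible from this page.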
@@ -150,9 +150,6 @@ iptables_init() { /sbin/iptables -N TOR_INPUT /sbin/iptables -A INPUT -j TOR_INPUT - # Outgoing Firewall - /sbin/iptables -A FORWARD -j OUTGOINGFWMAC - # localhost and ethernet. /sbin/iptables -A INPUT -i $GREEN_DEV -m conntrack --ctstate NEW -j ACCEPT ! -p icmp -- 2.39.5