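diff -Naur strongswan-4.3.6.org/src/_updown/_updown.in strongswan-4.3.6/src/_updown/_updown.in
--- strongswan-4.3.6.org/src/_updown/_updown.in 2009-09-27 21:50:42.000000000 +0200
+++ strongswan-4.3.6/src/_updown/_updown.in 2010-03-20 18:44:11.000000000 +0100
@@ -374,10 +374,10 @@
 # connection to me, with (left/right)firewall=yes, coming up
 # This is used only by the default updown script, not by your custom
 # ones, so do not mess with it; see CAUTION comment up at top.
- iptables -I INPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
+ iptables -I IPSECINPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
 -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
 -d $PLUTO_ME $D_MY_PORT $IPSEC_POLICY_IN -j ACCEPT
- iptables -I OUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
+ iptables -I IPSECOUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
 -s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \
 -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT
 #
@@ -387,10 +387,10 @@
 if [ "$PLUTO_PEER_CLIENT" = "$PLUTO_PEER/32" ]
 then
 logger -t $TAG -p $FAC_PRIO \
- "+ $PLUTO_PEER_ID $PLUTO_PEER -- $PLUTO_ME"
+ "host+ $PLUTO_PEER_ID $PLUTO_PEER -- $PLUTO_ME"
 else
 logger -t $TAG -p $FAC_PRIO \
- "+ $PLUTO_PEER_ID $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME"
+ "host+ $PLUTO_PEER_ID $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME"
 fi
 fi
 ;;
@@ -398,10 +398,10 @@
 # connection to me, with (left/right)firewall=yes, going down
 # This is used only by the default updown script, not by your custom
 # ones, so do not mess with it; see CAUTION comment up at top.
- iptables -D INPUT -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
+ iptables -D IPSECINPUT -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
 -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
 -d $PLUTO_ME $D_MY_PORT $IPSEC_POLICY_IN -j ACCEPT
- iptables -D OUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
+ iptables -D IPSECOUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
 -s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \
 -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT
 #
@@ -411,10 +411,10 @@
 if [ "$PLUTO_PEER_CLIENT" = "$PLUTO_PEER/32" ]
 then
 logger -t $TAG -p $FAC_PRIO -- \
- "- $PLUTO_PEER_ID $PLUTO_PEER -- $PLUTO_ME"
+ "host- $PLUTO_PEER_ID $PLUTO_PEER -- $PLUTO_ME"
 else
 logger -t $TAG -p $FAC_PRIO -- \
- "- $PLUTO_PEER_ID $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME"
+ "host- $PLUTO_PEER_ID $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME"
 fi
 fi
 ;;
@@ -424,10 +424,10 @@
 # ones, so do not mess with it; see CAUTION comment up at top.
 if [ "$PLUTO_PEER_CLIENT" != "$PLUTO_MY_SOURCEIP/32" ]
 then
- iptables -I FORWARD 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
+ iptables -I IPSECFORWARD 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
 -s $PLUTO_MY_CLIENT $S_MY_PORT \
 -d $PLUTO_PEER_CLIENT $D_PEER_PORT $IPSEC_POLICY_OUT -j ACCEPT
- iptables -I FORWARD 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
+ iptables -I IPSECFORWARD 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
 -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
 -d $PLUTO_MY_CLIENT $D_MY_PORT $IPSEC_POLICY_IN -j ACCEPT
 fi
@@ -436,10 +436,10 @@
 # or sometimes host access via the internal IP is needed
 if [ -n "$PLUTO_MY_SOURCEIP" -o -n "$PLUTO_HOST_ACCESS" ]
 then
- iptables -I INPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
+ iptables -I IPSECINPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
 -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
 -d $PLUTO_MY_CLIENT $D_MY_PORT $IPSEC_POLICY_IN -j ACCEPT
- iptables -I OUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
+ iptables -I IPSECOUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
 -s $PLUTO_MY_CLIENT $S_MY_PORT \
 -d $PLUTO_PEER_CLIENT $D_PEER_PORT $IPSEC_POLICY_OUT -j ACCEPT
 fi
@@ -450,12 +450,27 @@
 if [ "$PLUTO_PEER_CLIENT" = "$PLUTO_PEER/32" ]
 then
 logger -t $TAG -p $FAC_PRIO \
- "+ $PLUTO_PEER_ID $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT"
+ "client+ $PLUTO_PEER_ID $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT"
 else
 logger -t $TAG -p $FAC_PRIO \
- "+ $PLUTO_PEER_ID $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT"
+ "client+ $PLUTO_PEER_ID $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT"
 fi
 fi
+
+ #
+ # Open Firewall for ESP Traffic
+ iptables -I IPSECINPUT 1 -i $PLUTO_INTERFACE -p ESP \
+ -s $PLUTO_PEER $S_PEER_PORT \
+ -d $PLUTO_ME $D_MY_PORT -j ACCEPT
+ iptables -I IPSECOUTPUT 1 -o $PLUTO_INTERFACE -p ESP \
+ -d $PLUTO_PEER $S_PEER_PORT \
+ -s $PLUTO_ME $D_MY_PORT -j ACCEPT
+ if [ $VPN_LOGGING ]
+ then
+ logger -t $TAG -p $FAC_PRIO \
+ "ESP+ $PLUTO_PEER -- $PLUTO_ME"
+ fi
+
 ;;
 down-client:iptables)
 # connection to client subnet, with (left/right)firewall=yes, going down
@@ -463,11 +478,11 @@
 # ones, so do not mess with it; see CAUTION comment up at top.
 if [ "$PLUTO_PEER_CLIENT" != "$PLUTO_MY_SOURCEIP/32" ]
 then
- iptables -D FORWARD -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
+ iptables -D IPSECFORWARD -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
 -s $PLUTO_MY_CLIENT $S_MY_PORT \
 -d $PLUTO_PEER_CLIENT $D_PEER_PORT \
 $IPSEC_POLICY_OUT -j ACCEPT
- iptables -D FORWARD -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
+ iptables -D IPSECFORWARD -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
 -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
 -d $PLUTO_MY_CLIENT $D_MY_PORT \
 $IPSEC_POLICY_IN -j ACCEPT
@@ -477,11 +492,11 @@
 # or sometimes host access via the internal IP is needed
 if [ -n "$PLUTO_MY_SOURCEIP" -o -n "$PLUTO_HOST_ACCESS" ]
 then
- iptables -D INPUT -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
+ iptables -D IPSECINPUT -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
 -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
 -d $PLUTO_MY_CLIENT $D_MY_PORT \
 $IPSEC_POLICY_IN -j ACCEPT
- iptables -D OUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
+ iptables -D IPSECOUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
 -s $PLUTO_MY_CLIENT $S_MY_PORT \
 -d $PLUTO_PEER_CLIENT $D_PEER_PORT \
 $IPSEC_POLICY_OUT -j ACCEPT
@@ -493,12 +508,27 @@
 if [ "$PLUTO_PEER_CLIENT" = "$PLUTO_PEER/32" ]
 then
 logger -t $TAG -p $FAC_PRIO -- \
- "- $PLUTO_PEER_ID $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT"
+ "client- $PLUTO_PEER_ID $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT"
 else
 logger -t $TAG -p $FAC_PRIO -- \
- "- $PLUTO_PEER_ID $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT"
+ "client- $PLUTO_PEER_ID $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT"
 fi
 fi
+
+ #
+ # Close Firewall for ESP Traffic
+ iptables -D IPSECINPUT -i $PLUTO_INTERFACE -p ESP \
+ -s $PLUTO_PEER $S_PEER_PORT \
+ -d $PLUTO_ME $D_MY_PORT -j ACCEPT
+ iptables -D IPSECOUTPUT -o $PLUTO_INTERFACE -p ESP \
+ -d $PLUTO_PEER $S_PEER_PORT \
+ -s $PLUTO_ME $D_MY_PORT -j ACCEPT
+ if [ $VPN_LOGGING ]
+ then
+ logger -t $TAG -p $FAC_PRIO \
+ "ESP- $PLUTO_PEER -- $PLUTO_ME"
+ fi
+
 ;;
 #
 # IPv6
@@ -533,10 +563,10 @@
 # connection to me, with (left/right)firewall=yes, coming up
 # This is used only by the default updown script, not by your custom
 # ones, so do not mess with it; see CAUTION comment up at top.
- ip6tables -I INPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
+ ip6tables -I IPSECINPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
 -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
 -d $PLUTO_ME $D_MY_PORT $IPSEC_POLICY_IN -j ACCEPT
- ip6tables -I OUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
+ ip6tables -I IPSECOUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
 -s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \
 -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT
 #
@@ -557,10 +587,10 @@
 # connection to me, with (left/right)firewall=yes, going down
 # This is used only by the default updown script, not by your custom
 # ones, so do not mess with it; see CAUTION comment up at top.
- ip6tables -D INPUT -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
+ ip6tables -D IPSECINPUT -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
 -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
 -d $PLUTO_ME $D_MY_PORT $IPSEC_POLICY_IN -j ACCEPT
- ip6tables -D OUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
+ ip6tables -D IPSECOUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
 -s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \
 -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT
 #
@@ -583,10 +613,10 @@
 # ones, so do not mess with it; see CAUTION comment up at top.
 if [ "$PLUTO_PEER_CLIENT" != "$PLUTO_MY_SOURCEIP/128" ]
 then
- ip6tables -I FORWARD 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
+ ip6tables -I IPSECFORWARD 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
 -s $PLUTO_MY_CLIENT $S_MY_PORT \
 -d $PLUTO_PEER_CLIENT $D_PEER_PORT $IPSEC_POLICY_OUT -j ACCEPT
- ip6tables -I FORWARD 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
+ ip6tables -I IPSECFORWARD 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
 -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
 -d $PLUTO_MY_CLIENT $D_MY_PORT $IPSEC_POLICY_IN -j ACCEPT
 fi
@@ -595,10 +625,10 @@
 # or sometimes host access via the internal IP is needed
 if [ -n "$PLUTO_MY_SOURCEIP" -o -n "$PLUTO_HOST_ACCESS" ]
 then
- ip6tables -I INPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
+ ip6tables -I IPSECINPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
 -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
 -d $PLUTO_MY_CLIENT $D_MY_PORT $IPSEC_POLICY_IN -j ACCEPT
- ip6tables -I OUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
+ ip6tables -I IPSECOUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
 -s $PLUTO_MY_CLIENT $S_MY_PORT \
 -d $PLUTO_PEER_CLIENT $D_PEER_PORT $IPSEC_POLICY_OUT -j ACCEPT
 fi
@@ -622,11 +652,11 @@
 # ones, so do not mess with it; see CAUTION comment up at top.
 if [ "$PLUTO_PEER_CLIENT" != "$PLUTO_MY_SOURCEIP/128" ]
 then
- ip6tables -D FORWARD -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
+ ip6tables -D IPSECFORWARD -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
 -s $PLUTO_MY_CLIENT $S_MY_PORT \
 -d $PLUTO_PEER_CLIENT $D_PEER_PORT \
 $IPSEC_POLICY_OUT -j ACCEPT
- ip6tables -D FORWARD -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
+ ip6tables -D IPSECFORWARD -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
 -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
 -d $PLUTO_MY_CLIENT $D_MY_PORT \
 $IPSEC_POLICY_IN -j ACCEPT
@@ -636,11 +666,11 @@
 # or sometimes host access via the internal IP is needed
 if [ -n "$PLUTO_MY_SOURCEIP" -o -n "$PLUTO_HOST_ACCESS" ]
 then
- ip6tables -D INPUT -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
+ ip6tables -D IPSECINPUT -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
 -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
 -d $PLUTO_MY_CLIENT $D_MY_PORT \
 $IPSEC_POLICY_IN -j ACCEPT
- ip6tables -D OUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
+ ip6tables -D IPSECOUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
 -s $PLUTO_MY_CLIENT $S_MY_PORT \
 -d $PLUTO_PEER_CLIENT $D_PEER_PORT \
 $IPSEC_POLICY_OUT -j ACCEPT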
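Review bot: The ESP rules added at the end of the up-client:iptables case (and their `-D` twins in down-client:iptables) attach `$S_PEER_PORT` and `$D_MY_PORT` to `-p ESP`, but ESP has no ports; everywhere else in this script those variables accompany `-p $PLUTO_MY_PROTOCOL`, and if they expand to `--sport`/`--dport` for a TCP/UDP connection, iptables rejects the ESP rule and the tunnel's ESP traffic is never opened, silently, since no iptables exit status is checked. The OUTPUT rule also pairs `-d $PLUTO_PEER` with `$S_PEER_PORT` and `-s $PLUTO_ME` with `$D_MY_PORT`, the reverse of the direction every other rule uses. Drop the port qualifiers: `iptables -I IPSECINPUT 1 -i $PLUTO_INTERFACE -p esp -s $PLUTO_PEER -d $PLUTO_ME -j ACCEPT` and `iptables -I IPSECOUTPUT 1 -o $PLUTO_INTERFACE -p esp -s $PLUTO_ME -d $PLUTO_PEER -j ACCEPT`, with the two `-D` rules in down-client:iptables changed to match so the delete finds them. Note also that a NAT-T peer sends ESP inside UDP/4500, which this rule does not cover, that up-host:iptables gets no ESP rule at all, and that the whole patch presumes the IPSECINPUT/IPSECOUTPUT/IPSECFORWARD chains already exist and are jumped to from INPUT/OUTPUT/FORWARD — that prerequisite belongs in the CAUTION comment the hunks refer to, which lies outside this section.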
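diff -Naur strongswan-4.3.6.org/src/_updown_espmark/_updown_espmark strongswan-4.3.6/src/_updown_espmark/_updown_espmark
--- strongswan-4.3.6.org/src/_updown_espmark/_updown_espmark 2009-09-27 21:50:42.000000000 +0200
+++ strongswan-4.3.6/src/_updown_espmark/_updown_espmark 2010-03-15 18:52:28.000000000 +0100
@@ -247,10 +247,10 @@
 ESP_MARK=50
 
 # add the following static rule to the INPUT chain in the mangle table
-# iptables -t mangle -A INPUT -p 50 -j MARK --set-mark 50
+# iptables -t mangle -A IPSECINPUT -p 50 -j MARK --set-mark 50
 
 # NAT traversal via UDP encapsulation is supported with the rule
-# iptables -t mangle -A INPUT -p udp --dport 4500 -j MARK --set-mark 50
+# iptables -t mangle -A IPSECINPUT -p udp --dport 4500 -j MARK --set-mark 50
 
 # in the presence of KLIPS and ipsecN interfaces do not use ESP mark rules
 if [ `echo "$PLUTO_INTERFACE" | grep "ipsec"` ]
@@ -325,10 +325,10 @@
 up-host:*)
 # connection to me coming up
 # If you are doing a custom version, firewall commands go here.
- iptables -I INPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
+ iptables -I IPSECINPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
 -s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $S_PEER_PORT \
 -d $PLUTO_ME $D_MY_PORT $CHECK_MARK -j ACCEPT
- iptables -I OUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
+ iptables -I IPSECOUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
 -s $PLUTO_ME $S_MY_PORT \
 -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $D_PEER_PORT -j ACCEPT
 #
@@ -346,10 +346,10 @@
 # If you are doing a custom version, firewall commands go here.
 # connection to me going down
 # If you are doing a custom version, firewall commands go here.
- iptables -D INPUT -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
+ iptables -D IPSECINPUT -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
 -s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $S_PEER_PORT \
 -d $PLUTO_ME $D_MY_PORT $CHECK_MARK -j ACCEPT
- iptables -D OUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
+ iptables -D IPSECOUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
 -s $PLUTO_ME $S_MY_PORT \
 -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $D_PEER_PORT -j ACCEPT
 #
@@ -365,10 +365,10 @@
 up-client:)
 # connection to my client subnet coming up
 # If you are doing a custom version, firewall commands go here.
- iptables -I FORWARD 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
+ iptables -I IPSECFORWARD 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
 -s $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $S_MY_PORT \
 -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $D_PEER_PORT -j ACCEPT
- iptables -I FORWARD 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
+ iptables -I IPSECFORWARD 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
 -s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $S_PEER_PORT \
 -d $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $D_MY_PORT \
 $CHECK_MARK -j ACCEPT
@@ -385,10 +385,10 @@
 down-client:)
 # connection to my client subnet going down
 # If you are doing a custom version, firewall commands go here.
- iptables -D FORWARD -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
+ iptables -D IPSECFORWARD -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
 -s $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $S_MY_PORT \
 -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $D_PEER_PORT -j ACCEPT
- iptables -D FORWARD -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
+ iptables -D IPSECFORWARD -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
 -s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $S_PEER_PORT \
 -d $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $D_MY_PORT \
 $CHECK_MARK -j ACCEPT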
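Review bot: The rewritten instructions in the ESP_MARK block now tell the administrator to run `iptables -t mangle -A IPSECINPUT -p 50 -j MARK --set-mark 50` (and the UDP/4500 variant), but iptables chains are scoped to a table: an IPSECINPUT chain created in the filter table for the ACCEPT rules further down does not exist in the mangle table, so that command fails unless a second IPSECINPUT chain is created in mangle and jumped to from mangle's INPUT. If the mark is never set, the up-host and up-client rules that carry `$CHECK_MARK` (which presumably tests for that mark) never match, so decrypted traffic is dropped — fail-closed, but hard to diagnose because the script does not check any iptables exit status. Either keep the documented mangle rule on the built-in chain, `# iptables -t mangle -A INPUT -p 50 -j MARK --set-mark 50`, or extend the comment to say explicitly that IPSECINPUT must also be created in the mangle table and hooked from INPUT there, and the line above it still says "to the INPUT chain in the mangle table", which no longer matches the command it introduces.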