]> git.ipfire.org Git - ipfire-2.x.git/blobdiff - src/misc-progs/ipsecctrl.c
projects / ipfire-2.x.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
ipsec: Add block rules to avoid conntrack entries
[ipfire-2.x.git] / src / misc-progs / ipsecctrl.c
diff --git a/src/misc-progs/ipsecctrl.c b/src/misc-progs/ipsecctrl.c
index e99202d9fa33cb5ab35121d09ff59f9ed633fd10..7499e94c9a7f384e6d0fd809203d32163cb84e96 100644 (file)
--- a/src/misc-progs/ipsecctrl.c
+++ b/src/misc-progs/ipsecctrl.c
@@ -144,6 +144,9 @@ void turn_connection_on(char *name, char *type) {
                 "/usr/sbin/ipsec down %s >/dev/null", name);
         safe_system(command);
 
+       // Reload the IPsec block chain
+       safe_system("/usr/lib/firewall/ipsec-block >/dev/null");
+
        // Reload the configuration into the daemon (#10339).
        ipsec_reload();
 
@@ -302,6 +305,7 @@ int main(int argc, char *argv[]) {
 
         // start the system
         if ((argc == 2) && strcmp(argv[1], "S") == 0) {
+               safe_system("/usr/lib/firewall/ipsec-block >/dev/null");
                safe_system("/usr/sbin/ipsec restart >/dev/null");
                 exit(0);
         }
IPFire 2.x development tree