From: Michael Tremer
Date: Thu, 29 Nov 2018 15:04:28 +0000 (+0000)
Subject: IPsec: Rename ipsec-block script to ipsec-policy
X-Git-Tag: v2.23-core131~197^2~38
X-Git-Url: http://git.ipfire.org/?p=ipfire-2.x.git;a=commitdiff_plain;h=6c920b19cd768445a66f5be58c4701b878d5b943

IPsec: Rename ipsec-block script to ipsec-policy

This is a more general name for a script that will be extended soon to do more than just add blocking rules.

Signed-off-by: Michael Tremer
---
diff --git a/config/firewall/ipsec-block b/config/firewall/ipsec-policy
similarity index 88%
rename from config/firewall/ipsec-block
rename to config/firewall/ipsec-policy
index 96682b8943..4544a447d0 100644
--- a/config/firewall/ipsec-block
+++ b/config/firewall/ipsec-policy
@@ -21,6 +21,13 @@ VPN_CONFIG="/var/ipfire/vpn/config"
+VARS=(
+	id status name lefthost type ctype x1 x2 x3 leftsubnets
+	x4 righthost rightsubnets x5 x6 x7 x8 x9 x10 x11 x12
+	x13 x14 x15 x16 x17 x18 x19 x20 x21 proto x22 x23 x24
+	route rest
+)
+
 block_subnet() {
 	local subnet="${1}"
 	local action="${2}"
@@ -45,21 +52,15 @@ block_subnet() {
 	return 0
 }
-block_ipsec() {
+install_policy() {
 	# Flush all exists rules
 	iptables -F IPSECBLOCK
-	local action
-
-	local vars="id status name lefthost type ctype x1 x2 x3 leftsubnets" vars="${vars} x4 righthost rightsubnets x5 x6 x7 x8 x9 x10 x11 x12" vars="${vars} x13 x14 x15 x16 x17 x18 x19 x20 x21 proto x22 x23 x24" vars="${vars} route rest"
-
 	# Register local variables
-	local ${vars}
+	local "${VARS[@]}"
+	local action
-	while IFS="," read -r ${vars}; do
+	while IFS="," read -r "${VARS[@]}"; do
 		# Check if the connection is enabled
 		[ "${status}" = "on" ] || continue
@@ -85,4 +86,4 @@ block_ipsec() {
 	done < "${VPN_CONFIG}"
 }
-block_ipsec || exit $?
+install_policy || exit $?
diff --git a/config/rootfiles/common/aarch64/stage2 b/config/rootfiles/common/aarch64/stage2
index 110114c478..0c2552f4fe 100644
--- a/config/rootfiles/common/aarch64/stage2
+++ b/config/rootfiles/common/aarch64/stage2
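Review bot: The new VARS array is the column layout of the CSV at VPN_CONFIG, assigned positionally by `read -r "${VARS[@]}"` in install_policy, but nothing on the new side says so and the x1…x24 names give no hint that they are intentionally unused columns. A comment above `VARS=(` would carry that: `# Column order of ${VPN_CONFIG} (one connection per line); xN are columns this script does not use, rest absorbs everything after the last named one`. The comment should also state that the file's column order and this array must change together, since a column inserted in the middle of the file silently shifts leftsubnets, rightsubnets, proto and route into the wrong variables without any error.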
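Review bot: install_policy gets a broader name but still no comment stating its contract, and the visible body only flushes IPSECBLOCK and then re-reads VPN_CONFIG line by line, so the name now promises more than the code does. Suggest a header comment above `install_policy() {`: `# Rebuild the IPSECBLOCK chain from ${VPN_CONFIG}: flush it, then walk every connection whose status is "on"`. Because `iptables -F IPSECBLOCK` runs before any rule is re-added, the chain is briefly empty each time ipsecctrl or the firewall initscript invokes this script; that is pre-existing, but as the script grows per the commit message it is worth recording in that comment, or building the rules in a scratch chain and swapping it in. The loop body and the `done < "${VPN_CONFIG}"` that closes it lie outside this hunk.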
@@ -76,7 +76,7 @@ usr/bin/captive-cleanup
 #usr/lib
 usr/lib/firewall
 usr/lib/firewall/firewall-lib.pl
-usr/lib/firewall/ipsec-block
+usr/lib/firewall/ipsec-policy
 usr/lib/firewall/rules.pl
 #usr/lib/libgcc_s.so
 usr/lib/libgcc_s.so.1
diff --git a/config/rootfiles/common/stage2 b/config/rootfiles/common/stage2
index 5665f23012..7b4dbaa5dd 100644
--- a/config/rootfiles/common/stage2
+++ b/config/rootfiles/common/stage2
@@ -75,7 +75,7 @@ usr/bin/captive-cleanup
 #usr/lib
 usr/lib/firewall
 usr/lib/firewall/firewall-lib.pl
-usr/lib/firewall/ipsec-block
+usr/lib/firewall/ipsec-policy
 usr/lib/firewall/rules.pl
 #usr/lib/libgcc_s.so
 usr/lib/libgcc_s.so.1
diff --git a/config/rootfiles/common/x86_64/stage2 b/config/rootfiles/common/x86_64/stage2
index 110114c478..0c2552f4fe 100644
--- a/config/rootfiles/common/x86_64/stage2
+++ b/config/rootfiles/common/x86_64/stage2
@@ -76,7 +76,7 @@ usr/bin/captive-cleanup
 #usr/lib
 usr/lib/firewall
 usr/lib/firewall/firewall-lib.pl
-usr/lib/firewall/ipsec-block
+usr/lib/firewall/ipsec-policy
 usr/lib/firewall/rules.pl
 #usr/lib/libgcc_s.so
 usr/lib/libgcc_s.so.1
diff --git a/lfs/stage2 b/lfs/stage2
index 7e8dfe3169..4b8f0bc811 100644
--- a/lfs/stage2
+++ b/lfs/stage2
@@ -115,8 +115,8 @@ endif
 		/usr/lib/firewall/rules.pl
 	install -m 644 $(DIR_SRC)/config/firewall/firewall-lib.pl \
 		/usr/lib/firewall/firewall-lib.pl
-	install -m 755 $(DIR_SRC)/config/firewall/ipsec-block \
-		/usr/lib/firewall/ipsec-block
+	install -m 755 $(DIR_SRC)/config/firewall/ipsec-policy \
+		/usr/lib/firewall/ipsec-policy
 	# Nobody user
 	-mkdir -p /home/nobody
diff --git a/src/initscripts/system/firewall b/src/initscripts/system/firewall
index 707209987e..1ffeda993b 100644
--- a/src/initscripts/system/firewall
+++ b/src/initscripts/system/firewall
@@ -360,8 +360,8 @@ iptables_init() {
 	iptables -t nat -N REDNAT
 	iptables -t nat -A POSTROUTING -j REDNAT
-	# Populate IPsec block chain
-	/usr/lib/firewall/ipsec-block
+	# Populate IPsec chains
+	/usr/lib/firewall/ipsec-policy
 	# Apply OpenVPN firewall rules
 	/usr/local/bin/openvpnctrl --firewall-rules
diff --git a/src/misc-progs/ipsecctrl.c b/src/misc-progs/ipsecctrl.c
index 9afc409ca9..53c87673af 100644
--- a/src/misc-progs/ipsecctrl.c
+++ b/src/misc-progs/ipsecctrl.c
@@ -152,8 +152,8 @@ void turn_connection_on(char *name, char *type) {
 		"/usr/sbin/ipsec down %s >/dev/null", name);
 	safe_system(command);
-	// Reload the IPsec block chain
-	safe_system("/usr/lib/firewall/ipsec-block >/dev/null");
+	// Reload the IPsec firewall policy
+	safe_system("/usr/lib/firewall/ipsec-policy >/dev/null");
 	// Reload the configuration into the daemon (#10339).
 	ipsec_reload();
@@ -182,8 +182,8 @@ void turn_connection_off (char *name) {
 	// Reload, so the connection is dropped.
 	ipsec_reload();
-	// Reload the IPsec block chain
-	safe_system("/usr/lib/firewall/ipsec-block >/dev/null");
+	// Reload the IPsec firewall policy
+	safe_system("/usr/lib/firewall/ipsec-policy >/dev/null");
 }
 int main(int argc, char *argv[]) {
@@ -316,7 +316,7 @@ int main(int argc, char *argv[]) {
 	// start the system
 	if ((argc == 2) && strcmp(argv[1], "S") == 0) {
-		safe_system("/usr/lib/firewall/ipsec-block >/dev/null");
+		safe_system("/usr/lib/firewall/ipsec-policy >/dev/null");
 		safe_system("/usr/sbin/ipsec restart >/dev/null");
 		exit(0);
 	}