ipsec-policy: Do no create DROP rules for on-demand mode
[people/pmueller/ipfire-2.x.git] / config / firewall / ipsec-policy
index 1ad4de65013fe66c8d3e36fb62c370256b865289..334e2d9bbdd9f0b383ad0a960c579985c4d79ad1 100644 (file)
@@ -34,6 +34,11 @@ block_subnet() {
        local subnet="${1}"
        local action="${2}"
 
+       # Nothing to be done if no action is requested
+       if [ "${action}" = "none" ]; then
+               return 0
+       fi
+
        # Don't block a wildcard subnet
        if [ "${subnet}" = "0.0.0.0/0" ] || [ "${subnet}" = "0.0.0.0/0.0.0.0" ]; then
                return 0
@@ -108,7 +113,7 @@ install_policy() {
 
                case "${route}" in
                        route)
-                               action="drop"
+                               action="none"
                                ;;
                        *)
                                action="reject"
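Review bot: With `action="none"` in the `route)` branch, no firewall rule is left to stop packets for an on-demand connection's remote subnet when the IPsec trap policy is missing. The hunk does not show how that policy is installed, but if the IPsec daemon is stopped or the connection failed to load, that traffic would presumably follow the normal routing table unencrypted, which the removed `drop` action appears to have prevented. If that trade-off is intended, state it in the branch, e.g. `# on-demand: no block rule; the kernel trap policy must catch this traffic, otherwise it leaves unprotected`. It would also help to verify elsewhere that the trap policy is actually in place before relying on it. The `case` statement and the rest of `install_policy` continue outside the hunk, so a fallback there cannot be ruled out from here.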