Add strongswan (4.3.6) for testing.

[people/pmueller/ipfire-2.x.git] / src / initscripts / init.d / firewall

diff --git a/src/initscripts/init.d/firewall b/src/initscripts/init.d/firewall
index 55ab624a71e3075e1bbb2dc4216ac48eb07bcec9..55bc066aaeb87ba41918cf035a056fa43e50356c 100644 (file)
--- a/src/initscripts/init.d/firewall
+++ b/src/initscripts/init.d/firewall
@@ -166,14 +166,17 @@ case "$1" in
        /sbin/iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
        
        # trafic from ipsecX/TUN/TAP interfaces, before "-i GREEN_DEV" accept everything
-       /sbin/iptables -N IPSECVIRTUAL
+       /sbin/iptables -N IPSECINPUT
+       /sbin/iptables -N IPSECFORWARD
+       /sbin/iptables -N IPSECOUTPUT
        /sbin/iptables -N OPENSSLVIRTUAL
-       /sbin/iptables -A INPUT -j IPSECVIRTUAL -m comment --comment "IPSECVIRTUAL INPUT"
+       /sbin/iptables -A INPUT -j IPSECINPUT
        /sbin/iptables -A INPUT -j OPENSSLVIRTUAL -m comment --comment "OPENSSLVIRTUAL INPUT"
-       /sbin/iptables -A FORWARD -j IPSECVIRTUAL -m comment --comment "IPSECVIRTUAL FORWARD"
+       /sbin/iptables -A FORWARD -j IPSECFORWARD
        /sbin/iptables -A FORWARD -j OPENSSLVIRTUAL -m comment --comment "OPENSSLVIRTUAL FORWARD"
-       /sbin/iptables -t nat -N IPSECNAT
-       /sbin/iptables -t nat -A POSTROUTING -j IPSECNAT
+       /sbin/iptables -A OUTPUT -j IPSECOUTPUT
+       #/sbin/iptables -t nat -N IPSECNAT
+       #/sbin/iptables -t nat -A POSTROUTING -j IPSECNAT
 
        # Outgoing Firewall
        /sbin/iptables -A FORWARD -j OUTGOINGFW
@@ -197,10 +200,6 @@ case "$1" in
        /sbin/iptables -N DHCPBLUEINPUT 
        /sbin/iptables -A INPUT -j DHCPBLUEINPUT
 
-       # IPSec
-       /sbin/iptables -N IPSECPHYSICAL
-       /sbin/iptables -A INPUT -j IPSECPHYSICAL
-
        # OPenSSL
        /sbin/iptables -N OPENSSLPHYSICAL
        /sbin/iptables -A INPUT -j OPENSSLPHYSICAL