Some changes for strongswan.

[people/pmueller/ipfire-2.x.git] / src / initscripts / init.d / firewall

diff --git a/src/initscripts/init.d/firewall b/src/initscripts/init.d/firewall
index 55bc066aaeb87ba41918cf035a056fa43e50356c..9b708697f3b5a9bd48d0abf2e6f7545c6e2dd906 100644 (file)
--- a/src/initscripts/init.d/firewall
+++ b/src/initscripts/init.d/firewall
@@ -116,7 +116,8 @@ iptables_red() {
                        /sbin/iptables -A REDINPUT -p udp --source-port 67 --destination-port 68 -i $IFACE -j ACCEPT
                fi
 
-               # Outgoing masquerading
+               # Outgoing masquerading (don't masqerade IPSEC (mark 50))
+               /sbin/iptables -t nat -A REDNAT -m mark --mark 50 -o $IFACE -j RETURN
                /sbin/iptables -t nat -A REDNAT -o $IFACE -j MASQUERADE
 
        fi