safe_system(str);
sprintf(str, "/sbin/iptables --wait -A IPSECINPUT -p udp -i %s --dport 500 -j ACCEPT", interface);
safe_system(str);
+ sprintf(str, "/sbin/iptables --wait -D IPSECOUTPUT -p udp -o %s --dport 500 -j ACCEPT >/dev/null 2>&1", interface);
+ safe_system(str);
+ sprintf(str, "/sbin/iptables --wait -A IPSECOUTPUT -p udp -o %s --dport 500 -j ACCEPT", interface);
+ safe_system(str);
if (! nat_traversal_port)
return;
safe_system(str);
sprintf(str, "/sbin/iptables --wait -A IPSECINPUT -p udp -i %s --dport %i -j ACCEPT", interface, nat_traversal_port);
safe_system(str);
+ sprintf(str, "/sbin/iptables --wait -D IPSECOUTPUT -p udp -o %s --dport %i -j ACCEPT >/dev/null 2>&1", interface, nat_traversal_port);
+ safe_system(str);
+ sprintf(str, "/sbin/iptables --wait -A IPSECOUTPUT -p udp -o %s --dport %i -j ACCEPT", interface, nat_traversal_port);
+ safe_system(str);
}
void ipsec_norules() {
"/usr/sbin/ipsec down %s >/dev/null", name);
safe_system(command);
+ // Reload the IPsec block chain
+ safe_system("/usr/lib/firewall/ipsec-block >/dev/null");
+
// Reload the configuration into the daemon (#10339).
ipsec_reload();
// Reload, so the connection is dropped.
ipsec_reload();
+
+ // Reload the IPsec block chain
+ safe_system("/usr/lib/firewall/ipsec-block >/dev/null");
}
int main(int argc, char *argv[]) {
// start the system
if ((argc == 2) && strcmp(argv[1], "S") == 0) {
+ safe_system("/usr/lib/firewall/ipsec-block >/dev/null");
safe_system("/usr/sbin/ipsec restart >/dev/null");
exit(0);
}
projects / people / pmueller / ipfire-2.x.git / blobdiff