ipsec-policy: Permit GRE traffic for GRE connections
authorMichael Tremer <michael.tremer@ipfire.org>
Thu, 29 Nov 2018 15:58:55 +0000 (15:58 +0000)
committerMichael Tremer <michael.tremer@ipfire.org>
Mon, 4 Feb 2019 18:20:36 +0000 (18:20 +0000)
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
config/firewall/ipsec-policy

index 53384fc..32d171f 100644 (file)
@@ -82,6 +82,19 @@ install_policy() {
                # Check if this a net-to-net connection
                [ "${type}" = "net" ] || continue
 
+               # Install permissions for GRE traffic
+               case "${interface_mode}" in
+                       gre)
+                               if [ -n "${remote}" ]; then
+                                       iptables -A IPSECINPUT -p gre \
+                                               -s "${remote}" -j ACCEPT
+
+                                       iptables -A IPSECOUTPUT -p gre \
+                                               -d "${remote}" -j ACCEPT
+                               fi
+                               ;;
+               esac
+
                # Split multiple subnets
                rightsubnets="${rightsubnets//\|/ }"
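Review bot: The two added ACCEPT rules match GRE only by protocol and peer address, so a cleartext GRE packet carrying `${remote}` as its source would be accepted just like one that arrived through the IPsec connection. If GRE is meant to be permitted only when protected by IPsec, which the file name suggests but the hunk does not show, add a policy match: `-s "${remote}" -m policy --dir in --pol ipsec -j ACCEPT` on the IPSECINPUT rule and `-d "${remote}" -m policy --dir out --pol ipsec -j ACCEPT` on the IPSECOUTPUT rule. `${remote}` is also only checked for being non-empty; if it can hold a hostname, iptables resolves it once when the rule is appended, so a later address change would not be tracked. install_policy starts and ends outside the hunk, so how these chains are flushed and hooked into INPUT/OUTPUT is not visible here.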