From: Michael Tremer <michael.tremer@ipfire.org>
Date: Fri, 3 Apr 2026 12:41:31 +0000 (+0000)
Subject: strongswan: Fix chain name when removing rules
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e2cafa8efa1cd25f592952e20cdd93f5e04a6bb3;p=ipfire-2.x.git

strongswan: Fix chain name when removing rules

This caused that a lot of rules have been appended to IPSECOUTPUT which
never were removed again. There were no implications but a very log
chain with a lot of redundant rules.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---

diff --git a/src/patches/strongswan-ipfire.patch b/src/patches/strongswan-ipfire.patch
index a1f80d361..f2723c813 100644
--- a/src/patches/strongswan-ipfire.patch
+++ b/src/patches/strongswan-ipfire.patch
@@ -185,13 +185,13 @@ index 34eaf68c7..38aa63354 100644
 +	iptables --wait -D IPSECINPUT -i $PLUTO_INTERFACE -p ESP \
 +		-s $PLUTO_PEER $S_PEER_PORT \
 +		-d $PLUTO_ME $D_MY_PORT -j ACCEPT
-+	iptables --wait -D IPSECINPUT -o $PLUTO_INTERFACE -p IPIP \
++	iptables --wait -D IPSECOUTPUT -o $PLUTO_INTERFACE -p IPIP \
 +		-s $PLUTO_ME $D_MY_PORT \
 +		-d $PLUTO_PEER $S_PEER_PORT -j ACCEPT
-+	iptables --wait -D IPSECINPUT -o $PLUTO_INTERFACE -p AH \
++	iptables --wait -D IPSECOUTPUT -o $PLUTO_INTERFACE -p AH \
 +		-s $PLUTO_ME $D_MY_PORT \
 +		-d $PLUTO_PEER $S_PEER_PORT -j ACCEPT
-+	iptables --wait -D IPSECINPUT -o $PLUTO_INTERFACE -p ESP \
++	iptables --wait -D IPSECOUTPUT -o $PLUTO_INTERFACE -p ESP \
 +		-s $PLUTO_ME $D_MY_PORT \
 +		-d $PLUTO_PEER $S_PEER_PORT -j ACCEPT
  	;;