]> git.ipfire.org Git - ipfire-2.x.git/commitdiff
projects / ipfire-2.x.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 73a8641)
strongswan: Fix chain name when removing rules
authorMichael Tremer <michael.tremer@ipfire.org>
Fri, 3 Apr 2026 12:41:31 +0000 (12:41 +0000)
committerMichael Tremer <michael.tremer@ipfire.org>
Fri, 3 Apr 2026 12:41:31 +0000 (12:41 +0000)
This caused that a lot of rules have been appended to IPSECOUTPUT which
never were removed again. There were no implications but a very log
chain with a lot of redundant rules.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
src/patches/strongswan-ipfire.patch patch | blob | blame | history

diff --git a/src/patches/strongswan-ipfire.patch b/src/patches/strongswan-ipfire.patch
index a1f80d3619cb59e9ee9b99eb0da26c6aa041415c..f2723c813631450ff9947b1a34315a6aaeaf12b2 100644 (file)
--- a/src/patches/strongswan-ipfire.patch
+++ b/src/patches/strongswan-ipfire.patch
@@ -185,13 +185,13 @@ index 34eaf68c7..38aa63354 100644
 +      iptables --wait -D IPSECINPUT -i $PLUTO_INTERFACE -p ESP \
 +              -s $PLUTO_PEER $S_PEER_PORT \
 +              -d $PLUTO_ME $D_MY_PORT -j ACCEPT
-+      iptables --wait -D IPSECINPUT -o $PLUTO_INTERFACE -p IPIP \
++      iptables --wait -D IPSECOUTPUT -o $PLUTO_INTERFACE -p IPIP \
 +              -s $PLUTO_ME $D_MY_PORT \
 +              -d $PLUTO_PEER $S_PEER_PORT -j ACCEPT
-+      iptables --wait -D IPSECINPUT -o $PLUTO_INTERFACE -p AH \
++      iptables --wait -D IPSECOUTPUT -o $PLUTO_INTERFACE -p AH \
 +              -s $PLUTO_ME $D_MY_PORT \
 +              -d $PLUTO_PEER $S_PEER_PORT -j ACCEPT
-+      iptables --wait -D IPSECINPUT -o $PLUTO_INTERFACE -p ESP \
++      iptables --wait -D IPSECOUTPUT -o $PLUTO_INTERFACE -p ESP \
 +              -s $PLUTO_ME $D_MY_PORT \
 +              -d $PLUTO_PEER $S_PEER_PORT -j ACCEPT
        ;;
IPFire 2.x development tree