webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-11 11:35:54 +02:00
Code Issues Packages Projects Releases Wiki Activity

ipsecctrl: remove fw-rules clear because strongswan try to do this also.

Browse Source
This commit is contained in:
Arne Fitzenreiter
2010-06-24 23:35:40 +02:00
parent 798023e9a6
commit 1f324fd71d
1 changed files with 6 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
src/misc-progs/ipsecctrl.c
View File

@@ -58,12 +58,17 @@ void open_physical (char *interface, int nat_traversal_port) {
// sprintf(str, "/sbin/iptables -A " phystable " -p 51 -i %s -j ACCEPT", interface);
// safe_system(str);
// IKE
sprintf(str, "/sbin/iptables -D IPSECINPUT -p udp -i %s --sport 500 --dport 500 -j ACCEPT >/dev/null 2>&1", interface);
safe_system(str);
sprintf(str, "/sbin/iptables -A IPSECINPUT -p udp -i %s --sport 500 --dport 500 -j ACCEPT", interface);
safe_system(str);
if (! nat_traversal_port)
return;
sprintf(str, "/sbin/iptables -D IPSECINPUT -p udp -i %s --dport %i -j ACCEPT >/dev/null 2>&1", interface, nat_traversal_port);
safe_system(str);
sprintf(str, "/sbin/iptables -A IPSECINPUT -p udp -i %s --dport %i -j ACCEPT", interface, nat_traversal_port);
safe_system(str);
}
@@ -200,21 +205,18 @@ int main(int argc, char *argv[]) {
/* handle operations that doesn't need start the ipsec system */
if (argc == 2) {
if (strcmp(argv[1], "D") == 0) {
ipsec_norules();
/* Only shutdown pluto if it really is running */
/* Get pluto pid */
if (file = fopen("/var/run/pluto.pid", "r")) {
safe_system("/etc/rc.d/init.d/ipsec stop 2> /dev/null >/dev/null");
close(file);
}
ipsec_norules();
exit(0);
}
}
/* clear iptables vpn rules */
ipsec_norules();
/* read vpn config */
kv=initkeyvalues();
if (!readkeyvalues(kv, CONFIG_ROOT "/vpn/settings"))
@@ -348,7 +350,6 @@ int main(int argc, char *argv[]) {
// it is a selective start or stop
// second param is only a number 'key'
if ((argc == 2) || strspn(argv[2], NUMBERS) != strlen(argv[2])) {
ipsec_norules();
fprintf(stderr, "Bad arg\n");
usage();
exit(1);
@@ -356,7 +357,6 @@ int main(int argc, char *argv[]) {
// search the vpn pointed by 'key'
if (!(file = fopen(CONFIG_ROOT "/vpn/config", "r"))) {
ipsec_norules();
fprintf(stderr, "Couldn't open vpn settings file");
exit(1);
}
@@ -386,7 +386,6 @@ int main(int argc, char *argv[]) {
if (strcmp(argv[1], "D") == 0)
turn_connection_off (name);
else {
ipsec_norules();
fprintf(stderr, "Bad command\n");
exit(1);
}