IPsec: Rename ipsec-block script to ipsec-policy

This is a more general name for a script that will be extended
soon to do more than just add blocking rules.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

config/firewall/ipsec-policy

@@ -21,6 +21,13 @@
 
 VPN_CONFIG="/var/ipfire/vpn/config"
 
+VARS=(
+	id status name lefthost type ctype x1 x2 x3 leftsubnets
+	x4 righthost rightsubnets x5 x6 x7 x8 x9 x10 x11 x12
+	x13 x14 x15 x16 x17 x18 x19 x20 x21 proto x22 x23 x24
+	route rest
+)
+
 block_subnet() {
 	local subnet="${1}"
 	local action="${2}"
@@ -45,21 +52,15 @@ block_subnet() {
 	return 0
 }
 
-block_ipsec() {
+install_policy() {
 	# Flush all exists rules
 	iptables -F IPSECBLOCK
 
+	# Register local variables
+	local "${VARS[@]}"
 	local action
 
-	local vars="id status name lefthost type ctype x1 x2 x3 leftsubnets"
-	vars="${vars} x4 righthost rightsubnets x5 x6 x7 x8 x9 x10 x11 x12"
-	vars="${vars} x13 x14 x15 x16 x17 x18 x19 x20 x21 proto x22 x23 x24"
-	vars="${vars} route rest"
-
-	# Register local variables
-	local ${vars}
-
-	while IFS="," read -r ${vars}; do
+	while IFS="," read -r "${VARS[@]}"; do
 		# Check if the connection is enabled
 		[ "${status}" = "on" ] || continue
 
@@ -85,4 +86,4 @@ block_ipsec() {
 	done < "${VPN_CONFIG}"
 }
 
-block_ipsec || exit $?
+install_policy || exit $?

config/rootfiles/common/aarch64/stage2

@@ -76,7 +76,7 @@ usr/bin/captive-cleanup
 #usr/lib
 usr/lib/firewall
 usr/lib/firewall/firewall-lib.pl
-usr/lib/firewall/ipsec-block
+usr/lib/firewall/ipsec-policy
 usr/lib/firewall/rules.pl
 #usr/lib/libgcc_s.so
 usr/lib/libgcc_s.so.1

config/rootfiles/common/stage2

@@ -75,7 +75,7 @@ usr/bin/captive-cleanup
 #usr/lib
 usr/lib/firewall
 usr/lib/firewall/firewall-lib.pl
-usr/lib/firewall/ipsec-block
+usr/lib/firewall/ipsec-policy
 usr/lib/firewall/rules.pl
 #usr/lib/libgcc_s.so
 usr/lib/libgcc_s.so.1

config/rootfiles/common/x86_64/stage2

@@ -76,7 +76,7 @@ usr/bin/captive-cleanup
 #usr/lib
 usr/lib/firewall
 usr/lib/firewall/firewall-lib.pl
-usr/lib/firewall/ipsec-block
+usr/lib/firewall/ipsec-policy
 usr/lib/firewall/rules.pl
 #usr/lib/libgcc_s.so
 usr/lib/libgcc_s.so.1

lfs/stage2

@@ -115,8 +115,8 @@ endif
 		/usr/lib/firewall/rules.pl
 	install -m 644 $(DIR_SRC)/config/firewall/firewall-lib.pl \
 		/usr/lib/firewall/firewall-lib.pl
-	install -m 755 $(DIR_SRC)/config/firewall/ipsec-block \
-		/usr/lib/firewall/ipsec-block
+	install -m 755 $(DIR_SRC)/config/firewall/ipsec-policy \
+		/usr/lib/firewall/ipsec-policy
 
 	# Nobody user
 	-mkdir -p /home/nobody

src/initscripts/system/firewall

@@ -360,8 +360,8 @@ iptables_init() {
 	iptables -t nat -N REDNAT
 	iptables -t nat -A POSTROUTING -j REDNAT
 
-	# Populate IPsec block chain
-	/usr/lib/firewall/ipsec-block
+	# Populate IPsec chains
+	/usr/lib/firewall/ipsec-policy
 
 	# Apply OpenVPN firewall rules
 	/usr/local/bin/openvpnctrl --firewall-rules

src/misc-progs/ipsecctrl.c

@@ -152,8 +152,8 @@ void turn_connection_on(char *name, char *type) {
                 "/usr/sbin/ipsec down %s >/dev/null", name);
         safe_system(command);
 
-	// Reload the IPsec block chain
-	safe_system("/usr/lib/firewall/ipsec-block >/dev/null");
+	// Reload the IPsec firewall policy
+	safe_system("/usr/lib/firewall/ipsec-policy >/dev/null");
 
 	// Reload the configuration into the daemon (#10339).
 	ipsec_reload();
@@ -182,8 +182,8 @@ void turn_connection_off (char *name) {
 	// Reload, so the connection is dropped.
 	ipsec_reload();
 
-	// Reload the IPsec block chain
-	safe_system("/usr/lib/firewall/ipsec-block >/dev/null");
+	// Reload the IPsec firewall policy
+	safe_system("/usr/lib/firewall/ipsec-policy >/dev/null");
 }
 
 int main(int argc, char *argv[]) {
@@ -316,7 +316,7 @@ int main(int argc, char *argv[]) {
 
         // start the system
         if ((argc == 2) && strcmp(argv[1], "S") == 0) {
-		safe_system("/usr/lib/firewall/ipsec-block >/dev/null");
+		safe_system("/usr/lib/firewall/ipsec-policy >/dev/null");
 		safe_system("/usr/sbin/ipsec restart >/dev/null");
                 exit(0);
         }