webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-24 01:42:58 +02:00
Code Issues Packages Projects Releases Wiki Activity

ipsecctrl: Use --wait switch for all iptables commands

Browse Source
This commit is contained in:
Michael Tremer
2015-05-07 21:06:44 +02:00
parent d9e80e0b09
commit a9600358d8
1 changed files with 7 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
src/misc-progs/ipsecctrl.c
View File

@@ -59,25 +59,25 @@ void open_physical (char *interface, int nat_traversal_port) {
char str[STRING_SIZE];
// IKE
sprintf(str, "/sbin/iptables -D IPSECINPUT -p udp -i %s --dport 500 -j ACCEPT >/dev/null 2>&1", interface);
sprintf(str, "/sbin/iptables --wait -D IPSECINPUT -p udp -i %s --dport 500 -j ACCEPT >/dev/null 2>&1", interface);
safe_system(str);
sprintf(str, "/sbin/iptables -A IPSECINPUT -p udp -i %s --dport 500 -j ACCEPT", interface);
sprintf(str, "/sbin/iptables --wait -A IPSECINPUT -p udp -i %s --dport 500 -j ACCEPT", interface);
safe_system(str);
if (! nat_traversal_port)
return;
sprintf(str, "/sbin/iptables -D IPSECINPUT -p udp -i %s --dport %i -j ACCEPT >/dev/null 2>&1", interface, nat_traversal_port);
sprintf(str, "/sbin/iptables --wait -D IPSECINPUT -p udp -i %s --dport %i -j ACCEPT >/dev/null 2>&1", interface, nat_traversal_port);
safe_system(str);
sprintf(str, "/sbin/iptables -A IPSECINPUT -p udp -i %s --dport %i -j ACCEPT", interface, nat_traversal_port);
sprintf(str, "/sbin/iptables --wait -A IPSECINPUT -p udp -i %s --dport %i -j ACCEPT", interface, nat_traversal_port);
safe_system(str);
}
void ipsec_norules() {
/* clear input rules */
safe_system("/sbin/iptables -F IPSECINPUT");
safe_system("/sbin/iptables -F IPSECFORWARD");
safe_system("/sbin/iptables -F IPSECOUTPUT");
safe_system("/sbin/iptables --wait -F IPSECINPUT");
safe_system("/sbin/iptables --wait -F IPSECFORWARD");
safe_system("/sbin/iptables --wait -F IPSECOUTPUT");
}
/*