ipsecctrl: Use --wait switch for all iptables commands
@@ -59,25 +59,25 @@ void open_physical (char *interface, int nat_traversal_port) {
|
||||
char str[STRING_SIZE];
|
||||
|
||||
// IKE
|
||||
sprintf(str, "/sbin/iptables -D IPSECINPUT -p udp -i %s --dport 500 -j ACCEPT >/dev/null 2>&1", interface);
|
||||
sprintf(str, "/sbin/iptables --wait -D IPSECINPUT -p udp -i %s --dport 500 -j ACCEPT >/dev/null 2>&1", interface);
|
||||
safe_system(str);
|
||||
sprintf(str, "/sbin/iptables -A IPSECINPUT -p udp -i %s --dport 500 -j ACCEPT", interface);
|
||||
sprintf(str, "/sbin/iptables --wait -A IPSECINPUT -p udp -i %s --dport 500 -j ACCEPT", interface);
|
||||
safe_system(str);
|
||||
|
||||
if (! nat_traversal_port)
|
||||
return;
|
||||
|
||||
sprintf(str, "/sbin/iptables -D IPSECINPUT -p udp -i %s --dport %i -j ACCEPT >/dev/null 2>&1", interface, nat_traversal_port);
|
||||
sprintf(str, "/sbin/iptables --wait -D IPSECINPUT -p udp -i %s --dport %i -j ACCEPT >/dev/null 2>&1", interface, nat_traversal_port);
|
||||
safe_system(str);
|
||||
sprintf(str, "/sbin/iptables -A IPSECINPUT -p udp -i %s --dport %i -j ACCEPT", interface, nat_traversal_port);
|
||||
sprintf(str, "/sbin/iptables --wait -A IPSECINPUT -p udp -i %s --dport %i -j ACCEPT", interface, nat_traversal_port);
|
||||
safe_system(str);
|
||||
}
|
||||
|
||||
void ipsec_norules() {
|
||||
/* clear input rules */
|
||||
safe_system("/sbin/iptables -F IPSECINPUT");
|
||||
safe_system("/sbin/iptables -F IPSECFORWARD");
|
||||
safe_system("/sbin/iptables -F IPSECOUTPUT");
|
||||
safe_system("/sbin/iptables --wait -F IPSECINPUT");
|
||||
safe_system("/sbin/iptables --wait -F IPSECFORWARD");
|
||||
safe_system("/sbin/iptables --wait -F IPSECOUTPUT");
|
||||
}
|
||||
|
||||
/*
|
||||
|
||||
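Review bot: The four rewritten `sprintf` calls in open_physical still format `interface` into the fixed `char str[STRING_SIZE]` with no bound, and each format string is now seven bytes longer, so a long interface name has less headroom before it overruns `str`. Prefer a bounded call with a truncation check, e.g. `int n = snprintf(str, sizeof(str), "/sbin/iptables --wait -A IPSECINPUT -p udp -i %s --dport 500 -j ACCEPT", interface);` followed by `if (n < 0 || (size_t)n >= sizeof(str)) return;`, applied to all four. The string is then handed to `safe_system`, and the `>/dev/null 2>&1` redirections suggest it is run through a shell, so `interface` should be restricted to interface-name characters before this point; open_physical starts above the hunk and its callers are not shown, so whether that already happens cannot be confirmed here. Separately, `--wait` with no seconds argument blocks until the xtables lock is free and the `safe_system` results are discarded, so a stuck lock holder would stall this helper and a failed `-A` would leave the IKE port closed without any report.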