Diffstat (limited to 'ipmasq/rules/F50ipsec.def')
-rw-r--r-- | ipmasq/rules/F50ipsec.def | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/ipmasq/rules/F50ipsec.def b/ipmasq/rules/F50ipsec.def
new file mode 100644
index 0000000..cad4d78
--- /dev/null
+++ b/ipmasq/rules/F50ipsec.def
@@ -0,0 +1,40 @@
+# You should not edit this file. Instead, create a file with the same
+# name as this one, but with a .rul extension instead of .def. The
+# .rul file will override this one.
+#
+# However, any changes you make to this file will be preserved.
+
+#: Forward packets among internal and IPsec networks
+if [ -n "$IPSEC" ]; then
+ for j in $IPSEC; do
+ jj=$(echo $j | sed -e 's/\:/_/g')
+ eval "CIDROFIPSEC=\$CIDROFIPSEC_$jj"
+ for DESTCIDR in $CIDROFIPSEC; do
+ for i in $INTERNAL; do
+ if [ "$i" != "$j" ]; then
+ ipnm_cache $i
+ case $MASQMETHOD in
+ ipfwadm)
+ if [ -n "$PEEROFIF" ]; then
+ $IPFWADM -F -a accept -S $PEEROFIF/$NMOFIF -D $DESTCIDR
+ fi
+ $IPFWADM -F -a accept -S $IPOFIF/$NMOFIF -D $DESTCIDR
+ ;;
+ ipchains)
+ if [ -n "$PEEROFIF" ]; then
+ $IPCHAINS --no-warnings -A forward -j ACCEPT -s $PEEROFIF/$NMOFIF -d $DESTCIDR
+ fi
+ $IPCHAINS --no-warnings -A forward -j ACCEPT -s $IPOFIF/$NMOFIF -d $DESTCIDR
+ ;;
+ netfilter)
+ if [ -n "$PEEROFIF" ]; then
+ $IPTABLES -A FORWARD -j ACCEPT -s $PEEROFIF/$NMOFIF -d $DESTCIDR
+ fi
+ $IPTABLES -A FORWARD -j ACCEPT -s $IPOFIF/$NMOFIF -d $DESTCIDR
+ ;;
+ esac
+ fi
+ done
+ done
+ done
+fi |
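Review bot: The `eval "CIDROFIPSEC=\$CIDROFIPSEC_$jj"` line builds shell code from each `$IPSEC` entry after rewriting only `:` to `_`, so any other character that is not valid in a variable name reaches `eval` unchecked, in a script that presumably runs as root. A name containing `.` or `-` would silently look up the wrong variable, and one containing shell metacharacters would be executed. I would skip such names just before the eval with `case $jj in *[!A-Za-z0-9_]*) continue ;; esac`. Separately, the ACCEPT rules in all three `case` arms match on source and destination address only, with no ingress interface, so they rely on anti-spoofing rules elsewhere (not visible in this file) to keep a forged internal source address from being forwarded into the IPsec networks.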