Diffstat (limited to 'ipmasq/rules/O50ipsec.rul')
-rw-r--r--ipmasq/rules/O50ipsec.rul22
1 files changed, 22 insertions, 0 deletions
diff --git a/ipmasq/rules/O50ipsec.rul b/ipmasq/rules/O50ipsec.rul
new file mode 100644
index 0000000..c0b5b5c
--- /dev/null
+++ b/ipmasq/rules/O50ipsec.rul
@@ -0,0 +1,22 @@
+#: Allow packets for ipsec hosts to be delivered using ipsec interfaces
+if [ -n "$IPSECCONN" ]; then
+ for i in $IPSECCONN; do
+ eval "IPSEC_IF=\$IPSEC_IF_$i"
+ eval "IPSEC_HERE=\$IPSEC_HERE_$i"
+ eval "IPSEC_THERE=\$IPSEC_THERE_$i"
+ case $MASQMETHOD in
+ ipfwadm)
+ $IPFWADM -O -a accept -W ${i%%:*} -D $IPSEC_HERE
+ $IPFWADM -O -a accept -W ${i%%:*} -D $IPSEC_THERE
+ ;;
+ ipchains)
+ $IPCHAINS -A output -j ACCEPT -i ${IPSEC_IF%%:*} -d $IPSEC_HERE
+ $IPCHAINS -A output -j ACCEPT -i ${IPSEC_IF%%:*} -d $IPSEC_THERE
+ ;;
+ netfilter)
+ $IPTABLES -A OUTPUT -j ACCEPT -o ${IPSEC_IF%%:*} -d $IPSEC_HERE
+ $IPTABLES -A OUTPUT -j ACCEPT -o ${IPSEC_IF%%:*} -d $IPSEC_THERE
+ ;;
+ esac
+ done
+fi
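Review bot: The `ipfwadm` branch passes `-W ${i%%:*}`, which is the connection name taken from `$IPSECCONN`, while the `ipchains` and `netfilter` branches use the looked-up interface `${IPSEC_IF%%:*}`. `IPSEC_IF` is computed but never used in that branch, so the lines were probably meant to read `$IPFWADM -O -a accept -W ${IPSEC_IF%%:*} -D $IPSEC_HERE` (and likewise for `$IPSEC_THERE`). Separately, the three `eval` lines splice `$i` into shell code unchecked, and firewall rule scripts normally run as root. A guard such as `case $i in *[!A-Za-z0-9_]*) continue ;; esac` before the first `eval` would keep a malformed connection name from being evaluated. It would also help to skip the iteration when `IPSEC_IF`, `IPSEC_HERE` or `IPSEC_THERE` comes back empty, since the unquoted expansions would otherwise drop the argument to `-o`/`-i`/`-d` and shift the remaining options.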