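# Cache the address data of every configured interface in per-interface
# variables so later code can look them up without re-querying:
#   IPOFIF_<if>, NMOFIF_<if>, PEEROFIF_<if>, BCOFIF_<if>
# <if> is the interface name with every ':' replaced by '_'.
# With SHOWRULES=yes the interfaces are also listed on stdout.
if [ "$SHOWRULES" = "yes" ]; then
  echo "Interfaces found:"
fi
# precompute ips and netmasks
if [ -n "$EXTERNAL" ] || [ -n "$INTERNAL" ] || [ -n "$IPSEC" ]; then
  # Unquoted on purpose: each variable is a whitespace-separated list.
  for i in $EXTERNAL $INTERNAL $IPSEC; do
    # ':' (as in eth0:1) is not legal in a variable name, so map it to '_'.
    ii=$(printf '%s\n' "$i" | sed -e 's/:/_/g')
    ip=$(ipofif "$i")
    nm=$(nmofif "$i")
    peer=$(peerofif "$i")
    bc=$(bcofif "$i")
    case $ii in
      *[!A-Za-z0-9_]*)
        # The name is spliced into the text handed to eval; anything outside
        # [A-Za-z0-9_] would be parsed as shell syntax rather than as part of
        # a variable name, so such an interface is reported and not cached.
        echo "warning: interface '$i' cannot be used as a variable suffix; addresses not cached" >&2
        ;;
      *)
        # \$ip and friends are expanded by eval itself, so the helper output
        # is assigned verbatim and never re-parsed as shell code (whitespace
        # or metacharacters in it stay data).
        eval "IPOFIF_$ii=\$ip"
        eval "NMOFIF_$ii=\$nm"
        eval "PEEROFIF_$ii=\$peer"
        eval "BCOFIF_$ii=\$bc"
        ;;
    esac
    if [ "$SHOWRULES" = "yes" ]; then
      echo -e " $i\t$ip/$nm"
    fi
  done
fi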
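# precompute ipsec connections
#
# For every interface in $IPSEC, look up its cached address (IPOFIF_<if>) and
# netmask (NMOFIF_<if>), pick the `ipsec look` lines matching
# "IPIP:.*src=<address>" and take their first field as gateway ids. For each
# gateway id the line containing "=> <id>" supplies:
#   conn                the text after "=>" up to the first '@' or blank
#   IPSEC_IF_<conn>     the interface being processed
#   IPSEC_HERE_<conn>   the first field of that line (left of "->")
#   IPSEC_THERE_<conn>  the field right of "->"
# IPSECCONN_<if> lists the conns of one interface, IPSECCONN all of them.
if [ -n "$IPSEC" ]; then
  if [ "$SHOWRULES" = "yes" ]; then
    echo "IPSec connections found:"
  fi
  IPSECCONN=""
  # Take one snapshot so every lookup below parses the same state instead of
  # re-running `ipsec look` several times per gateway.
  _ipsec_look=$(ipsec look)
  # Unquoted on purpose: $IPSEC is a whitespace-separated list.
  for i in $IPSEC; do
    ii=$(printf '%s\n' "$i" | sed -e 's/:/_/g')
    case $ii in
      *[!A-Za-z0-9_]*)
        # The name is spliced into eval text below; refuse anything that
        # would be parsed as shell syntax instead of a variable name.
        echo "warning: interface '$i' cannot be used as a variable suffix; skipped" >&2
        continue
        ;;
    esac
    eval "ip=\$IPOFIF_$ii"
    # Was read from IPOFIF_ as well, which made the listing print ip/ip.
    eval "nm=\$NMOFIF_$ii"
    # NOTE(review): $ip is used as a regex, so its dots match any character,
    # "src=1.2.3.4" also matches "src=1.2.3.45", and an empty $ip matches
    # every IPIP line. Confirm against the real `ipsec look` output whether
    # the match should be anchored or skipped when no address is known.
    igw=$(printf '%s\n' "$_ipsec_look" | grep "IPIP:.*src=$ip" | sed 's/^\([^[:blank:]]*\).*/\1/')
    conncollect=""
    for ipsecgw in $igw; do
      routes=$(printf '%s\n' "$_ipsec_look" | grep "=> $ipsecgw")
      conn=$(printf '%s\n' "$routes" | sed 's/^.*=>[[:blank:]]*\([^@[:blank:]]*\).*/\1/')
      cidrleft=$(printf '%s\n' "$routes" | sed 's/^\([^[:blank:]]*\)[[:blank:]]*->[[:blank:]]*[^[:blank:]]*.*/\1/')
      cidrright=$(printf '%s\n' "$routes" | sed 's/^[^[:blank:]]*[[:blank:]]*->[[:blank:]]*\([^[:blank:]]*\).*/\1/')
      case $conn in
        '' | *[!A-Za-z0-9_]*)
          # conn is parsed out of command output and becomes part of a
          # variable name inside eval. A value that is empty, spans several
          # lines or carries other characters cannot name a variable, so it
          # is reported and kept out of the connection lists.
          echo "warning: unusable connection id for gateway '$ipsecgw' on '$i'; skipped" >&2
          continue
          ;;
      esac
      conncollect="$conncollect $conn"
      # Values are expanded by eval itself (\$var), so text taken from
      # `ipsec look` is stored verbatim and never executed.
      eval "IPSEC_IF_$conn=\$i"
      eval "IPSEC_HERE_$conn=\$cidrleft"
      eval "IPSEC_THERE_$conn=\$cidrright"
    done
    IPSECCONN="$IPSECCONN $conncollect"
    eval "IPSECCONN_$ii=\$conncollect"
    if [ "$SHOWRULES" = "yes" ]; then
      echo -e " $i\t$ip/$nm"
      for conn in $conncollect; do
        eval "IPSEC_HERE=\$IPSEC_HERE_$conn"
        eval "IPSEC_THERE=\$IPSEC_THERE_$conn"
        echo -e " $IPSEC_HERE -> $IPSEC_THERE"
      done
    fi
  done
fi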