'[Ipcop-svn] SF.net SVN: ipcop:[5830] ipcop/trunk'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ipcop-svn
Subject:    [Ipcop-svn] SF.net SVN: ipcop:[5830] ipcop/trunk
From:       owes () users ! sourceforge ! net
Date:       2011-08-24 14:47:01
Message-ID: E1QwEjN-0006zU-1h () sfp-svn-6 ! v30 ! ch3 ! sourceforge ! com
[Download RAW message or body]

Revision: 5830
          http://ipcop.svn.sourceforge.net/ipcop/?rev=5830&view=rev
Author:   owes
Date:     2011-08-24 14:47:00 +0000 (Wed, 24 Aug 2011)
Log Message:
-----------
Move IPsec marking before CUSTOMFORWARD, to make the IPsec marks available for custom \
rules should an admin require it.

Modified Paths:
--------------
    ipcop/trunk/src/rc.d/rc.firewall
    ipcop/trunk/updates/1.9.21/ROOTFILES.i486-1.9.21

Modified: ipcop/trunk/src/rc.d/rc.firewall
===================================================================
--- ipcop/trunk/src/rc.d/rc.firewall	2011-08-24 08:20:30 UTC (rev 5829)
+++ ipcop/trunk/src/rc.d/rc.firewall	2011-08-24 14:47:00 UTC (rev 5830)
@@ -145,6 +145,10 @@
     # Fix for braindead ISP's
     /sbin/iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS \
--clamp-mss-to-pmtu  
+    # FW_MARK_IPSEC chain, used for marking outgoing (NETKEY) IPsec traffic
+    /sbin/iptables -N FW_MARK_IPSEC
+    /sbin/iptables -A FORWARD -j FW_MARK_IPSEC
+
     # CUSTOM chains, can be used by the users themselves
     /sbin/iptables -N CUSTOMINPUT
     /sbin/iptables -A INPUT -j CUSTOMINPUT
@@ -157,10 +161,6 @@
     /sbin/iptables -t nat -N CUSTOMPOSTROUTING
     /sbin/iptables -t nat -A POSTROUTING -j CUSTOMPOSTROUTING
 
-    # FW_MARK_IPSEC chain, used for marking outgoing (NETKEY) IPsec traffic
-    /sbin/iptables -N FW_MARK_IPSEC
-    /sbin/iptables -A FORWARD -j FW_MARK_IPSEC
-
     # INPUT chains for GUI entered rules
     /sbin/iptables -N FW_ADMIN
     /sbin/iptables -A INPUT -j FW_ADMIN

Modified: ipcop/trunk/updates/1.9.21/ROOTFILES.i486-1.9.21
===================================================================
--- ipcop/trunk/updates/1.9.21/ROOTFILES.i486-1.9.21	2011-08-24 08:20:30 UTC (rev \
                5829)
+++ ipcop/trunk/updates/1.9.21/ROOTFILES.i486-1.9.21	2011-08-24 14:47:00 UTC (rev \
5830) @@ -1,4 +1,5 @@
 ## please place IPCop files first, then packages sorted by alphabetical order
+/etc/rc.d/rc.firewall
 /usr/local/bin/emailhelper
 /usr/share/locale/tr_TR/LC_MESSAGES/install.mo
 /usr/share/locale/tr_TR/LC_MESSAGES/ipcop.mo

This was sent by the SourceForge.net collaborative development platform, the world's \
largest Open Source development site.


------------------------------------------------------------------------------
EMC VNX: the world's simplest storage, starting under $10K
The only unified storage solution that offers unified management 
Up to 160% more powerful than alternatives and 25% more efficient. 
Guaranteed. http://p.sf.net/sfu/emc-vnx-dev2dev
_______________________________________________
Ipcop-svn mailing list
Ipcop-svn@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ipcop-svn


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic