Re: [Shorewall-devel] Ipsec in Shorewall 4.0.0-RC1

[Tom Eastep]

Alexander Wilms wrote:
> Hi Tom, hi list.
> 
> I have an issue in in RC1. The Setup works flawlessly with 3.x and with the 
> shelll compiler of RC1, but with the same setup and the perl compiler my 
> IPSEC traffic gets dropped in net2all chain. Attached is a dump, compiled 
> with perl, including some dropped traffic, e.g. SRC=192.168.66.10 
> DST=192.168.1.2
> 
> Did I overlook something in migration process?

No -- it's a bug.

Please apply the attached patch in the /usr/share/shorewall-perl/ directory.

Please let me know if that solves your problem.

Thanks,
-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

Index: Shorewall/Rules.pm
===================================================================
--- Shorewall/Rules.pm	(revision 6796)
+++ Shorewall/Rules.pm	(working copy)
@@ -1471,7 +1471,7 @@
 
 	if ( $capabilities{POLICY_MATCH} ) {
 	    my $type       = $zoneref->{type};
-	    my $source_ref = ( $zoneref->{hosts}{ipsec} ) || {};
+	    my $source_ref = ( $zoneref->{hosts}{ipsec4} ) || {};
 
 	    if ( $config{DYNAMIC_ZONES} ) {
 		no warnings;
@@ -1556,7 +1556,7 @@
 			}
 
 			add_rule $filter_table->{forward_chain $interface} , join( '', $source, $ipsec_in_match. "-j $frwd_ref->{name}" )
-			    if $complex && $hostref->{ipsec} ne 'ipsec';
+			    if $complex && $hostref->{ipsec} ne 'ipsec4';
 
 			$needbroadcast{$interface}{$source} = 1 if get_interface_option $interface, 'detectnets';
 		    }
Index: Shorewall/Interfaces.pm
===================================================================
--- Shorewall/Interfaces.pm	(revision 6796)
+++ Shorewall/Interfaces.pm	(working copy)
@@ -144,7 +144,7 @@
     
     push @{$arrayref}, { options => $options,
 			 hosts   => [EMAIL PROTECTED],
-			 ipsec   => $type eq 'ipsec' ? 'ipsec' : 'none' };
+			 ipsec   => $type eq 'ipsec4' ? 'ipsec' : 'none' };
 }
 
 #

signature.asc
Description: OpenPGP digital signature

-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Shorewall-devel mailing list
Shorewall-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-devel