authorGuilhem Moulin <guilhem@fripost.org>2016-05-24 17:13:38 +0200
committerGuilhem Moulin <guilhem@fripost.org>2016-05-24 17:13:38 +0200
commit25564fcae2ed65eb3c1981e1e0e44621a3c9d7eb (patch)
tree63183ad2fd8ff88366f3762af6ecaf9423de74cd
parent1af3c572eedb0eaddcdc5c9c41d98ff59bb7b2c9 (diff)
typo
-rw-r--r--group_vars/all.yml4
-rwxr-xr-xroles/common/files/usr/local/sbin/update-firewall.sh8
2 files changed, 6 insertions, 6 deletions
diff --git a/group_vars/all.yml b/group_vars/all.yml
index c7900a6..9458dc0 100644
--- a/group_vars/all.yml
+++ b/group_vars/all.yml
@@ -11,8 +11,8 @@ postfix_instance:
# Virtual (non-routable) IPv4 subnet for IPSec. It is always nullrouted
-# on in the absence of xfrm lookup (i.e., when there is no matching
-# IPSec Security Association) to avoid data leaks.
+# in the absence of xfrm lookup (i.e., when there is no matching IPSec
+# Security Association) to avoid data leaks.
ipsec_subnet: 172.16.0.0/24
ipsec:
# Virtual (non-routable) addresses for IPSec. They all need to be
diff --git a/roles/common/files/usr/local/sbin/update-firewall.sh b/roles/common/files/usr/local/sbin/update-firewall.sh
index 065bae2..d5e2238 100755
--- a/roles/common/files/usr/local/sbin/update-firewall.sh
+++ b/roles/common/files/usr/local/sbin/update-firewall.sh
@@ -264,10 +264,10 @@ run() {
if [ "$f" = 4 -a "$ipsec" = y ]; then
# Allow local access to our virtual IP
/bin/ip -4 -o route show table 220 dev $if \
- | sed -nr 's/.*\ssrc\s+([[:digit:].]{7,15})(\s.*)?/\1/p' \
- | while read ipsec; do
- iptables -A INPUT -i lo -s "$ipsec" -d "$ipsec" -j ACCEPT
- iptables -A OUTPUT -o lo -s "$ipsec" -d "$ipsec" -j ACCEPT
+ | sed -nr 's/.*\ssrc\s+([[:digit:].]{7,15})(\s.*)?$/\1/p' \
+ | while read ips; do
+ iptables -A INPUT -i lo -s "$ips" -d "$ips" -j ACCEPT
+ iptables -A OUTPUT -o lo -s "$ips" -d "$ips" -j ACCEPT
done
fi
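Review bot: The new `| while read ips; do` should use `read -r`, i.e. `| while read -r ips; do`, so that the value passed to `iptables -s`/`-d` is taken verbatim rather than after backslash processing. The input is `ip route` output already filtered by sed to digits and dots, so this is hygiene rather than a live bug. On the unchanged `ip` line above, `dev $if` is unquoted and would be safer as `dev "$if"`, assuming `$if` holds a single interface name. The loop variable was presumably renamed because `ipsec` is also the flag tested in `[ ... "$ipsec" = y ]`; a comment such as `# loop var must not reuse $ipsec (flag tested above)` would keep a later edit from reintroducing the clash. The enclosing `run()` starts and ends outside the hunk.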