summaryrefslogtreecommitdiffstats
path: root/roles/common/files/etc/network/if-up.d/ipsec
diff options
context:
space:
mode:
authorGuilhem Moulin <guilhem@fripost.org>2013-11-04 08:25:54 +0100
committerGuilhem Moulin <guilhem@fripost.org>2015-06-07 02:50:44 +0200
commit51ea7eca6ca198606a71c107bb67d64186761456 (patch)
tree14813b4755d3f58113597dd96aa02da78b63494d /roles/common/files/etc/network/if-up.d/ipsec
parent0dd6a96ce1bf2cef9140d01a5c49eb92e2f8ec6f (diff)
wibble
Diffstat (limited to 'roles/common/files/etc/network/if-up.d/ipsec')
-rwxr-xr-xroles/common/files/etc/network/if-up.d/ipsec4
1 files changed, 2 insertions, 2 deletions
diff --git a/roles/common/files/etc/network/if-up.d/ipsec b/roles/common/files/etc/network/if-up.d/ipsec
index a43af6c..db9f979 100755
--- a/roles/common/files/etc/network/if-up.d/ipsec
+++ b/roles/common/files/etc/network/if-up.d/ipsec
@@ -42,8 +42,8 @@ case "$MODE" in
# been SNAT'ed from $ipsec, and didn't have a xfrm
# association. Hence we nullroute it to avoid to leak data
# intented to be tunneled through IPSec. /!\ The priority
- # must be >220 (strongSwan IPSec's policy) since xfrm lookup
- # must take precedence.
+ # must be >220 (which the one used by strongSwan IPSec) since
+ # xfrm lookup must take precedence.
/bin/ip rule add fwmark "$secmark" table 666 priority 666 || true
/bin/ip route add prohibit default table 666 || true
;;