summaryrefslogtreecommitdiffstats
path: root/roles/common/files/usr/local
diff options
context:
space:
mode:
authorGuilhem Moulin <guilhem@fripost.org>2013-11-04 08:25:54 +0100
committerGuilhem Moulin <guilhem@fripost.org>2015-06-07 02:50:44 +0200
commit51ea7eca6ca198606a71c107bb67d64186761456 (patch)
tree14813b4755d3f58113597dd96aa02da78b63494d /roles/common/files/usr/local
parent0dd6a96ce1bf2cef9140d01a5c49eb92e2f8ec6f (diff)
wibble
Diffstat (limited to 'roles/common/files/usr/local')
-rwxr-xr-xroles/common/files/usr/local/sbin/update-firewall.sh4
1 files changed, 2 insertions, 2 deletions
diff --git a/roles/common/files/usr/local/sbin/update-firewall.sh b/roles/common/files/usr/local/sbin/update-firewall.sh
index 1c57646..2e16711 100755
--- a/roles/common/files/usr/local/sbin/update-firewall.sh
+++ b/roles/common/files/usr/local/sbin/update-firewall.sh
@@ -34,7 +34,7 @@ secmark=0xA99 # must match that in /etc/network/if-up.d/ipsec
secproto=esp # must match /etc/ipsec.conf; ESP is the default (vs AH/IPComp)
fail2ban_re='^(\[[0-9]+:[0-9]+\]\s+)?-A fail2ban-\S'
-IPSec_re=" -m policy --dir (in|out) --pol ipsec .* --proto $secproto -j ACCEPT$"
+IPSec_re=" -m policy --dir (in|out) --pol ipsec --reqid [0-9]+ --proto $secproto -j ACCEPT$"
declare -A rss=() tables=()
usage() {
@@ -193,7 +193,7 @@ run() {
grep -E -- "$fail2ban_re" "$old" || true
fi >> "$new"
- if [ -n "$ifsec" ]; then
+ if [ -n "$ipsec" ]; then
# (Host-to-host) IPSec tunnels come first. TODO: test IPSec with IPv6.
grep -E -- "$IPSec_re" "$old" >> "$new" || true