From 25564fcae2ed65eb3c1981e1e0e44621a3c9d7eb Mon Sep 17 00:00:00 2001
From: Guilhem Moulin
Date: Tue, 24 May 2016 17:13:38 +0200
Subject: typo
---
 group_vars/all.yml | 4 ++--
 roles/common/files/usr/local/sbin/update-firewall.sh | 8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/group_vars/all.yml b/group_vars/all.yml
index c7900a6..9458dc0 100644
--- a/group_vars/all.yml
+++ b/group_vars/all.yml
@@ -11,8 +11,8 @@ postfix_instance:
 # Virtual (non-routable) IPv4 subnet for IPSec. It is always nullrouted
-# on in the absence of xfrm lookup (i.e., when there is no matching
-# IPSec Security Association) to avoid data leaks.
+# in the absence of xfrm lookup (i.e., when there is no matching IPSec
+# Security Association) to avoid data leaks.
 ipsec_subnet: 172.16.0.0/24
 ipsec:
 # Virtual (non-routable) addresses for IPSec. They all need to be
diff --git a/roles/common/files/usr/local/sbin/update-firewall.sh b/roles/common/files/usr/local/sbin/update-firewall.sh
index 065bae2..d5e2238 100755
--- a/roles/common/files/usr/local/sbin/update-firewall.sh
+++ b/roles/common/files/usr/local/sbin/update-firewall.sh
@@ -264,10 +264,10 @@ run() {
 if [ "$f" = 4 -a "$ipsec" = y ]; then
 # Allow local access to our virtual IP
 /bin/ip -4 -o route show table 220 dev $if \
- | sed -nr 's/.*\ssrc\s+([[:digit:].]{7,15})(\s.*)?/\1/p' \
- | while read ipsec; do
- iptables -A INPUT -i lo -s "$ipsec" -d "$ipsec" -j ACCEPT
- iptables -A OUTPUT -o lo -s "$ipsec" -d "$ipsec" -j ACCEPT
+ | sed -nr 's/.*\ssrc\s+([[:digit:].]{7,15})(\s.*)?$/\1/p' \
+ | while read ips; do
+ iptables -A INPUT -i lo -s "$ips" -d "$ips" -j ACCEPT
+ iptables -A OUTPUT -o lo -s "$ips" -d "$ips" -j ACCEPT
 done
 fi
--
cgit v1.2.3
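Review bot: In the update-firewall.sh hunk, the pipeline that produces the loopback ACCEPT rules still expands `$if` unquoted on the context line, and the new loop reads with plain `read`. For a script that edits the packet filter, I would quote the interface name and read raw: `/bin/ip -4 -o route show table 220 dev "$if" \` and `| while read -r ips; do`. The sed class `[[:digit:].]{7,15}` keeps backslashes out of the stream today, so the `-r` is hygiene rather than a live bug. The class only approximates an IPv4 address, and nothing visible here checks the exit status of the two `iptables -A` calls, so a malformed `src` field would presumably be dropped without a message. The body of `run()` starts and ends outside this hunk, so whether `iptables` is a wrapper that already reports failures cannot be seen from here.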