From 51ea7eca6ca198606a71c107bb67d64186761456 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guilhem@fripost.org>
Date: Mon, 4 Nov 2013 08:25:54 +0100
Subject: wibble

---
 roles/common/files/etc/network/if-up.d/ipsec | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'roles/common/files/etc/network')

diff --git a/roles/common/files/etc/network/if-up.d/ipsec b/roles/common/files/etc/network/if-up.d/ipsec
index a43af6c..db9f979 100755
--- a/roles/common/files/etc/network/if-up.d/ipsec
+++ b/roles/common/files/etc/network/if-up.d/ipsec
@@ -42,8 +42,8 @@ case "$MODE" in
            # been SNAT'ed from $ipsec, and didn't have a xfrm
            # association.  Hence we nullroute it to avoid to leak data
            # intented to be tunneled through IPSec.  /!\ The priority
-           # must be >220 (strongSwan IPSec's policy) since xfrm lookup
-           # must take precedence.
+           # must be >220 (which the one used by strongSwan IPSec) since
+           # xfrm lookup must take precedence.
            /bin/ip rule  add fwmark "$secmark" table 666 priority 666 || true
            /bin/ip route add prohibit default  table 666              || true
     ;;
-- 
cgit v1.2.3