incubator-cloudstack-commits mailing list archives

From yas...@apache.org
Subject git commit: S2S VPN: CS-16092: Add ESP rule to iptables
Date Tue, 21 Aug 2012 00:29:11 GMT
Updated Branches:
  refs/heads/master aa64dc5fd -> 20ccb6c1c


S2S VPN: CS-16092: Add ESP rule to iptables

Otherwise the other end cannot initiate connection.


Project: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/commit/20ccb6c1
Tree: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/tree/20ccb6c1
Diff: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/diff/20ccb6c1

Branch: refs/heads/master
Commit: 20ccb6c1cbf92de7d230b3744025c945a0e4bb61
Parents: aa64dc5
Author: Sheng Yang <sheng.yang@citrix.com>
Authored: Mon Aug 20 11:15:51 2012 -0700
Committer: Sheng Yang <sheng.yang@citrix.com>
Committed: Mon Aug 20 17:28:46 2012 -0700

----------------------------------------------------------------------
 .../debian/config/opt/cloud/bin/ipsectunnel.sh     |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/20ccb6c1/patches/systemvm/debian/config/opt/cloud/bin/ipsectunnel.sh
----------------------------------------------------------------------
diff --git a/patches/systemvm/debian/config/opt/cloud/bin/ipsectunnel.sh b/patches/systemvm/debian/config/opt/cloud/bin/ipsectunnel.sh
index 0b8c992..d4f4153 100755
--- a/patches/systemvm/debian/config/opt/cloud/bin/ipsectunnel.sh
+++ b/patches/systemvm/debian/config/opt/cloud/bin/ipsectunnel.sh
@@ -68,6 +68,7 @@ check_and_enable_iptables() {
   then
       sudo iptables -A INPUT -i $outIf -p udp -m udp --dport 500 -j ACCEPT
       sudo iptables -A INPUT -i $outIf -p udp -m udp --dport 4500 -j ACCEPT
+      sudo iptables -A INPUT -i $outIf -p 50 -j ACCEPT
       # Prevent NAT on "marked" VPN traffic, so need to be the first one on POSTROUTING chain
       sudo iptables -t nat -I POSTROUTING -t nat -o $outIf -m mark --mark $vpnoutmark -j
ACCEPT
   fi
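Review bot: the added `-p 50 -j ACCEPT` rule in check_and_enable_iptables accepts ESP from any source arriving on $outIf, because it has no `-s` match. If the remote gateway address is available where this function is called, restrict the rule to that peer so only the configured tunnel endpoint can deliver ESP packets to the router. Writing the protocol as `-p esp` instead of the bare number 50 would also make the intent clear to the next reader, and a short comment saying that this rule is what lets the remote side initiate the tunnel would match the comment style used for the POSTROUTING rule just below.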
@@ -92,6 +93,7 @@ check_and_disable_iptables() {
     #Nobody else use s2s vpn now, so delete the iptables rules
     sudo iptables -D INPUT -i $outIf -p udp -m udp --dport 500 -j ACCEPT
     sudo iptables -D INPUT -i $outIf -p udp -m udp --dport 4500 -j ACCEPT
+    sudo iptables -D INPUT -i $outIf -p 50 -j ACCEPT
     sudo iptables -t nat -D POSTROUTING -t nat -o $outIf -m mark --mark $vpnoutmark -j ACCEPT
   fi
   return 0
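Review bot: the new `-D INPUT -i $outIf -p 50 -j ACCEPT` in check_and_disable_iptables will fail when the matching rule was never added, for example on a router whose tunnels were set up by the previous version of this script, which only added the UDP 500 and 4500 rules. The function still ends in `return 0`, so the failure is silent to the caller but leaves an iptables error in the output. Consider tolerating or suppressing that failure explicitly. The delete spec must also stay identical to the append spec in check_and_enable_iptables, so any later change to one line (such as adding a source match) has to be mirrored in the other or the rule will be left behind.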

