1 |
brianr |
1.1 |
diff -ruN smeserver-libreswan-0.5.old/root/etc/e-smith/events/actions/ipsec-update smeserver-libreswan-0.5/root/etc/e-smith/events/actions/ipsec-update |
2 |
|
|
--- smeserver-libreswan-0.5.old/root/etc/e-smith/events/actions/ipsec-update 2017-09-19 21:24:19.183000457 +0200 |
3 |
|
|
+++ smeserver-libreswan-0.5/root/etc/e-smith/events/actions/ipsec-update 2017-09-19 21:27:34.621000543 +0200 |
4 |
|
|
@@ -272,6 +272,9 @@ |
5 |
|
|
|
6 |
|
|
sub setRedirects { |
7 |
|
|
|
8 |
|
|
+ my $internalIf = $configDB->get_prop( 'InternalInterface', 'Name' ); |
9 |
|
|
+ my $externalIf = $configDB->get_prop( 'ExternalInterface', 'Name' ); |
10 |
|
|
+ |
11 |
|
|
# Big warning - this is a potential security issue |
12 |
|
|
# Make sure you read and understand what happens ! |
13 |
|
|
# If I knew which specific interfaces to change we could reduce the lines here |
14 |
|
|
@@ -289,13 +292,11 @@ |
15 |
|
|
or die("Ipsec Error - A problem occurred with sysctl: $?"); |
16 |
|
|
system("/sbin/sysctl -w net.ipv4.conf.all.rp_filter=0") == 0 |
17 |
|
|
or die("Ipsec Error - A problem occurred with sysctl: $?"); |
18 |
|
|
- system("/sbin/sysctl -w net.ipv4.conf.eth0.rp_filter=0") == 0 |
19 |
|
|
+ system("/sbin/sysctl -w net.ipv4.conf.$externalIf.rp_filter=0") == 0 |
20 |
|
|
or die("Ipsec Error - A problem occurred with sysctl: $?"); |
21 |
|
|
- system("/sbin/sysctl -w net.ipv4.conf.eth1.rp_filter=0") == 0 |
22 |
|
|
+ system("/sbin/sysctl -w net.ipv4.conf.$internalIf.rp_filter=0") == 0 |
23 |
|
|
or die("Ipsec Error - A problem occurred with sysctl: $?"); |
24 |
|
|
|
25 |
|
|
- # On v8 this is set to 0 so we would need |
26 |
|
|
- # system ("/sbin/sysctl -w net.core.xfrm_larval_drop=1") == 0 or die ("A problem occurred with sysctl: $?"); |
27 |
|
|
|
28 |
|
|
} |
29 |
|
|
|