allow esp traffic from and to me

author mh <mh@immerda.ch>

Tue, 26 Apr 2011 01:08:37 +0000 (03:08 +0200)

committer Micah Anderson <micah@riseup.net>

Tue, 21 Jun 2011 16:16:27 +0000 (12:16 -0400)
author mh <mh@immerda.ch>
Tue, 26 Apr 2011 01:08:37 +0000 (03:08 +0200)
committer Micah Anderson <micah@riseup.net>
Tue, 21 Jun 2011 16:16:27 +0000 (12:16 -0400)
diff --git a/manifests/rules/ipsec.pp b/manifests/rules/ipsec.pp

index c609d0a814b3fb62b9acb9712a1407b02d0ef620..3e9db55317dd8586e93df9fd5cd1bbc97241a7cf 100644 (file)
--- a/manifests/rules/ipsec.pp
+++ b/manifests/rules/ipsec.pp
@@ -1,18 +1,30 @@
  class shorewall::rules::ipsec {
-    shorewall::rule { 'net-me-ipsec-udp':
+    shorewall::rule {
+      'net-me-ipsec-udp':
          source          => 'net',
          destination     => '$FW',
          proto           => 'udp',
          destinationport => '500',
          order           => 240,
          action          => 'ACCEPT';
-    }
-    shorewall::rule { 'me-net-ipsec-udp':
+      'me-net-ipsec-udp':
          source          => '$FW',
          destination     => 'net',
          proto           => 'udp',
          destinationport => '500',
          order           => 240,
          action          => 'ACCEPT';
+      'net-me-ipsec':
+        source          => 'net',
+        destination     => '$FW',
+        proto           => 'esp',
+        order           => 240,
+        action          => 'ACCEPT';
+      'me-net-ipsec':
+        source          => '$FW',
+        destination     => 'net',
+        proto           => 'esp',
+        order           => 240,
+        action          => 'ACCEPT';
      }
  }
author	mh <mh@immerda.ch>
	Tue, 26 Apr 2011 01:08:37 +0000 (03:08 +0200)
committer	Micah Anderson <micah@riseup.net>
	Tue, 21 Jun 2011 16:16:27 +0000 (12:16 -0400)