diff options
| author | Chris Buechler <cmb@pfsense.org> | 2009-05-31 16:36:51 -0400 |
|---|---|---|
| committer | Chris Buechler <cmb@pfsense.org> | 2009-05-31 16:36:51 -0400 |
| commit | 24afa0183ed4237b04f8e63468dd455a93cf2df3 (patch) | |
| tree | 58cc1f485065bb6e6df1375610d3b8b767a95a0d /etc | |
| parent | 47c13f0359b0b82cdb0076c506b319fbfd216593 (diff) | |
| parent | a0793ae4686da42ae5c8281bd296f4e82070ec41 (diff) | |
| download | pfsense-24afa0183ed4237b04f8e63468dd455a93cf2df3.zip pfsense-24afa0183ed4237b04f8e63468dd455a93cf2df3.tar.gz | |
Merge branch 'RELENG_1_2' of http://gitweb.pfsense.org/pfsense/mainline into RELENG_1_2
Diffstat (limited to 'etc')
| -rw-r--r-- | etc/inc/filter.inc | 7 | ||||
| -rw-r--r-- | etc/inc/system.inc | 7 | ||||
| -rwxr-xr-x | etc/rc | 3 |
3 files changed, 13 insertions, 4 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index f647e58..9cdddbc 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -2819,6 +2819,10 @@ EOD; $shorttunneldescr = substr($tunnel['descr'], 0, 26); $ipfrules .= "pass out quick on \${$iface} proto udp from any to {$remote_gateway} port = 500 keep state label \"IPSEC: {$shorttunneldescr} - outbound isakmp\"\n"; $ipfrules .= "pass in quick on \${$iface} proto udp from {$remote_gateway} to any port = 500 keep state label \"IPSEC: {$shorttunneldescr} - inbound isakmp\"\n"; + if (isset($tunnel['natt'])) { + $ipfrules .= "pass out quick on \${$iface} proto udp from any to {$remote_gateway} port = 4500 keep state label \"IPSEC: {$shorttunneldescr} - outbound nat-t\"\n"; + $ipfrules .= "pass in quick on \${$iface} proto udp from {$remote_gateway} to any port = 4500 keep state label \"IPSEC: {$shorttunneldescr} - inbound nat-t\"\n"; + } if ($tunnel['p2']['protocol'] == 'esp') { $ipfrules .= "pass out quick on \${$iface} proto esp from any to {$remote_gateway} keep state label \"IPSEC: {$shorttunneldescr} - outbound esp proto\"\n"; $ipfrules .= "pass in quick on \${$iface} proto esp from {$remote_gateway} to any keep state label \"IPSEC: {$shorttunneldescr} - inbound esp proto\"\n"; @@ -2842,6 +2846,9 @@ EOD; $ipfrules .= "pass in quick on \${$iface} proto udp from any to any port = 500 keep state label \"IPSEC: Mobile - inbound isakmp\"\n"; $ipfrules .= "pass in quick on \${$iface} proto esp from any to any keep state label \"IPSEC: Mobile - inbound esp proto\"\n"; $ipfrules .= "pass in quick on \${$iface} proto ah from any to any keep state label \"IPSEC: Mobile - inbound ah proto\"\n"; + if (isset($ipseccfg['mobileclients']['natt'])) { + $ipfrules .= "pass in quick on \${$iface} proto udp from any to any port = 4500 keep state label \"IPSEC: Mobile - inbound nat-t\"\n"; + } } } } diff --git a/etc/inc/system.inc b/etc/inc/system.inc index c493ccd..779925d 100644 --- a/etc/inc/system.inc +++ b/etc/inc/system.inc @@ -215,8 +215,13 @@ function system_hostname_configure() { $syscfg = $config['system']; /* set hostname */ - return mwexec("/bin/hostname " . + $status = mwexec("/bin/hostname " . escapeshellarg("{$syscfg['hostname']}.{$syscfg['domain']}")); + + /* Setup host GUID ID. This is used by ZFS. */ + mwexec("/etc/rc.d/hostid start"); + + return $status; } function system_routing_configure() { @@ -270,9 +270,6 @@ fi rm -f /cf/conf/backup/backup.cache -# Setup host GUID ID. This is used by ZFS. -/etc/rc.d/hostid start - # Copy php.ini to alternate location after generation cp /usr/local/lib/php.ini /usr/local/etc/php.ini |
