Revision ff3c14a5
Added by Chris Buechler over 10 years ago
| etc/inc/vpn.inc | ||
|---|---|---|
| 104 | 104 |
/* get the automatic ping_hosts.sh ready */ |
| 105 | 105 |
unlink_if_exists("{$g['vardb_path']}/ipsecpinghosts");
|
| 106 | 106 |
touch("{$g['vardb_path']}/ipsecpinghosts");
|
| 107 |
|
|
| 108 |
/* service may have been enabled, disabled, or otherwise changed in a way requiring rule updates */ |
|
| 109 |
filter_configure(); |
|
| 107 | 110 |
|
| 108 | 111 |
$syscfg = $config['system']; |
| 109 | 112 |
$ipseccfg = $config['ipsec']; |
| ... | ... | |
| 120 | 123 |
mwexec("/sbin/ifconfig enc0 down");
|
| 121 | 124 |
set_single_sysctl("net.inet.ip.ipsec_in_use", "0");
|
| 122 | 125 |
|
| 123 |
filter_configure(); |
|
| 124 |
|
|
| 125 | 126 |
return 0; |
| 126 | 127 |
} |
| 127 | 128 |
|
Also available in: Unified diff
Always do a filter reload in vpn_ipsec_configure to ensure the ruleset is
updated where necessary in every IPsec change scenario.