#!/bin/sh

[ "$PLUTO_VERB" = "up-client" ] || exit 0

connection="${PLUTO_CONNECTION##*-}"
flush="$(uci get ipsec.${connection%_[0-9]*}.flush)"

[ "$flush" -eq 1 ] && {
	logger -t ipsec "Flushing conntrack due to $connection up"
	echo f > /proc/net/nf_conntrack
}
