On Fri, 23 Jan 2004 17:03:19 +0100 Nico Schottelius <nico-linux-net@schottelius.org> wrote:

> Is that right?
>
> This looks to me like a bug in netfilter...

Netfilter first sees the pre-encrypted SSH TCP packets before they are
encapsulated in ESP, and thus your rules say to drop those.

That's just how things work currently.