Hello, I am currently using iptables version 1.2.7a and encountered the following issue. When using a GRE (over ipsec) tunnel without the optional GRE key field, Netfilter cannot find a unique tupel for all GRE packets. This makes the connection tracking fail. The source code shows only a GRE over PPTP implementation. My understanding is that I need to extend the iptables implementation of version 1.2.7a to enable the connection tracking. Is this true? Was this fixed in a version following 1.2.7a? I would appreciate any information on this. Kind regards, Friedrich - To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html