On Wednesday 2009-02-18 17:17, Jianqing Zhang wrote: >If I configure both IPsec SPs and iptables, when an IP packet is going >out or coming, which will process the packet first? SP or iptables >(netfilters) rules? On the input path, obviously ESP is the first one seen, then the unpacked one; on the output path this is precisely reversed. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
