On Tuesday 2008-04-15 18:54, Ingo Oeser wrote:
>Jan Engelhardt wrote:
>> It kinda brings me the question why the ipsec transformation is
>> not done with an xtables target instead; that would also give
>> handy access to connection tracking if needed.
>
>And simplify firewalling A LOT :-)
>
>BTW: Anybody has a working ipsec match these days or is this known broken?

-p esp, -m policy, take your pick :-)