question about esp and policy matching rule

Hello,

I don't fully understand the two rules below.

Since each of the rules gets inserted at position 1 in the table, the ESP
rule ends up below the policy matching rule. Will the ESP rule ever be
checked?

# allow all ipsec traffic into and out
$IP6_TABLES -I INPUT  1 -i $EXIF -p esp -j ACCEPT
$IP6_TABLES -I OUTPUT 1 -o $EXIF -p esp -j ACCEPT
$IP6_TABLES -I INPUT  1 -i $EXIF -m policy --dir in  --pol ipsec  -j ACCEPT
$IP6_TABLES -I OUTPUT 1 -o $EXIF -m policy --dir out --pol ipsec  -j ACCEPT

I have an application which does not seem to operate through my IPsec
tunnel without both rules in place, and I'm having trouble figuring out why.


Thank you in advance.

Jamie Knight (rjknight@xxxxxxxxxx)
IBM Power Firmware Development
(512) 286-7017 (t/l 386-7017)
office 045/2A-01
IBM Austin, TX
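
Added example, not part of the original message: a small Python model of the INPUT chain after the `-I INPUT 1` commands above, evaluated first-match against two constructed packets. It assumes the policy match with `--dir in --pol ipsec` is true only for a packet that has already been decapsulated, and it uses a hypothetical catch-all drop rule to stand in for the rest of the ruleset.

```python
# Added illustration, not from the original message: a toy model of
# ip6tables "-I CHAIN 1" ordering and first-match evaluation on INPUT.
# Assumption: packet["ipsec"] is True only for a packet the kernel has already
# decapsulated under an IPsec policy (what "-m policy --dir in --pol ipsec" tests).

def insert(chain, pos, name, match):
    """Model of `-I CHAIN pos`: position 1 is the head of the chain."""
    chain.insert(pos - 1, (name, match))

def build_input_chain(with_esp=True, with_policy=True):
    # Hypothetical stand-in for the rest of the ruleset: a final catch-all drop.
    chain = [("drop-all", lambda p: True)]
    if with_esp:      # -I INPUT 1 -i $EXIF -p esp -j ACCEPT
        insert(chain, 1, "esp", lambda p: p["proto"] == "esp")
    if with_policy:   # -I INPUT 1 -i $EXIF -m policy --dir in --pol ipsec -j ACCEPT
        insert(chain, 1, "policy-ipsec", lambda p: p["ipsec"])
    return chain

def first_match(chain, packet):
    """Return the name of the first rule that matches, as a terminating target would."""
    for name, match in chain:
        if match(packet):
            return name
    return None

# Constructed sample packets: the encrypted ESP packet as it arrives on $EXIF,
# and the inner packet seen again after decapsulation.
ESP_ON_WIRE = {"proto": "esp", "ipsec": False}
DECAPSULATED = {"proto": "tcp", "ipsec": True}

def verdicts(chain):
    """(rule hit by the ESP packet, rule hit by the decapsulated packet)."""
    return first_match(chain, ESP_ON_WIRE), first_match(chain, DECAPSULATED)

if __name__ == "__main__":
    for label, chain in [("both rules", build_input_chain()),
                         ("esp only", build_input_chain(with_policy=False)),
                         ("policy only", build_input_chain(with_esp=False))]:
        print(label, [name for name, _ in chain], verdicts(chain))
```

In this model the ESP rule sits below the policy rule but is still the first rule the encrypted packet matches, and removing either rule sends one of the two packets to the catch-all.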
