Hello,

I don't fully understand the two rules below. Since each of the rules gets inserted at position 1 in the table, the ESP rule ends up below the policy matching rule. Will the ESP rule ever be checked?

    # allow all ipsec traffic into and out
    $IP6_TABLES -I INPUT 1 -i $EXIF -p esp -j ACCEPT
    $IP6_TABLES -I OUTPUT 1 -o $EXIF -p esp -j ACCEPT
    $IP6_TABLES -I INPUT 1 -i $EXIF -m policy --dir in --pol ipsec -j ACCEPT
    $IP6_TABLES -I OUTPUT 1 -o $EXIF -m policy --dir out --pol ipsec -j ACCEPT

I have an application which does not seem to operate through my ipsec tunnel without both rules in place; I'm having trouble figuring out why.

Thank you in advance.

Jamie Knight (rjknight@xxxxxxxxxx)
IBM Power Firmware Development
(512) 286-7017 (t/l 386-7017)
office 045/2A-01
IBM Austin, TX
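
Added example, not part of the original message: a simplified Python model of the INPUT chain built by the two "-I INPUT 1" commands above, showing the resulting rule order and which rule each stage of an incoming IPsec packet hits. The Packet and Rule classes, the interface name eth0 and the DROP chain policy are assumptions made for the illustration.

```python
# Added illustration: a simplified model, not ip6tables itself.
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    iface: str
    proto: str          # next header netfilter sees: "esp", "tcp", ...
    ipsec_policy: bool  # what "-m policy --dir in --pol ipsec" tests: True only
                        # once the packet has been decapsulated by IPsec

@dataclass(frozen=True)
class Rule:
    name: str
    iface: str
    proto: Optional[str] = None   # -p
    pol_ipsec: bool = False       # -m policy --pol ipsec
    target: str = "ACCEPT"

    def matches(self, pkt: Packet) -> bool:
        if pkt.iface != self.iface:
            return False
        if self.proto is not None and pkt.proto != self.proto:
            return False
        return pkt.ipsec_policy or not self.pol_ipsec

def insert(chain, position, rule):
    """Model of `-I CHAIN position`: the rule becomes number `position`."""
    chain.insert(position - 1, rule)

def verdict(chain, pkt, default="DROP"):
    """First matching rule decides; rules that do not match are skipped."""
    for number, rule in enumerate(chain, start=1):
        if rule.matches(pkt):
            return number, rule.name, rule.target
    return None, None, default   # assumed chain policy

EXIF = "eth0"                    # constructed interface name
INPUT = []
insert(INPUT, 1, Rule("esp", EXIF, proto="esp"))        # first command
insert(INPUT, 1, Rule("policy", EXIF, pol_ipsec=True))  # second, lands on top

ENCAPSULATED = Packet(EXIF, "esp", ipsec_policy=False)  # as received off the wire
DECAPSULATED = Packet(EXIF, "tcp", ipsec_policy=True)   # inner packet, after decryption
CLEARTEXT = Packet(EXIF, "tcp", ipsec_policy=False)     # never protected by IPsec

if __name__ == "__main__":
    for label, pkt in [("encapsulated", ENCAPSULATED),
                       ("decapsulated", DECAPSULATED), ("cleartext", CLEARTEXT)]:
        print(label, verdict(INPUT, pkt))
```

In this model the encrypted ESP packet falls through the policy rule to the ESP rule, and the decrypted inner packet is accepted by the policy rule when it traverses the chain again. On a live system, `ip6tables -L INPUT -v --line-numbers` shows the real order and per-rule packet counters.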