On Monday 2011-07-25 00:40, Greg Scott wrote:
> But wait a minute - something else has gotta be going on here. The
> original rules had an ACCEPT for UDP and TCP port 500 and then for ESP
> and AH.

Yes, and where was the accept for unencrypted packets that do not belong to IKE? That's the whole point.

> And then the DROP all rule. When the drop all rule is removed,
> then everything comes through[...]

--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
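The rule set the thread describes (ACCEPT for IKE on port 500, for ESP and for AH, then DROP everything) together with the rule it was missing: an ACCEPT for the decrypted packets, which re-enter the chain as plain IP after ESP processing and are matched with xt_policy. This is an added example, not code from the thread; the interface name, remote subnet and chain name are assumed placeholders.

```shell
#!/bin/sh
# Added example: emit (not apply) an iptables rule set for an IPsec peer.
# WAN_IF and REMOTE_LAN are assumed placeholders, not values from the thread.
WAN_IF="eth0"
REMOTE_LAN="10.0.2.0/24"

# Print the rules for the given chain (INPUT by default; use FORWARD for a
# site-to-site tunnel). Printing instead of applying lets the order be
# reviewed without root; pipe the output into sh to apply it.
ipsec_rules() {
    chain="${1:-INPUT}"
    cat <<EOF
iptables -A $chain -i $WAN_IF -p udp --dport 500 -j ACCEPT
iptables -A $chain -i $WAN_IF -p tcp --dport 500 -j ACCEPT
iptables -A $chain -i $WAN_IF -p esp -j ACCEPT
iptables -A $chain -i $WAN_IF -p ah -j ACCEPT
iptables -A $chain -i $WAN_IF -s $REMOTE_LAN -m policy --dir in --pol ipsec --proto esp -j ACCEPT
iptables -A $chain -i $WAN_IF -j DROP
EOF
}

# The ESP ACCEPT only admits the encrypted envelope; the decrypted inner
# packet traverses the chain again and needs its own ACCEPT (the -m policy
# line above) placed before the final DROP, otherwise it is dropped and
# removing the DROP lets every unencrypted packet through as well.
# Returns 0 when the decrypted-traffic ACCEPT precedes the DROP.
decrypted_accept_precedes_drop() {
    ipsec_rules "$1" | awk '/--pol ipsec/ {seen=1} /-j DROP$/ {exit !seen}'
}
```

Run with `ipsec_rules FORWARD | sh` on the gateway to apply the FORWARD variant after reviewing the printed rules.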