Hi

First of all, sorry for the previous posts. After taking some time off and giving this a fresh look, I realized that I not only made some copy-and-paste errors in these mails, but my focus on the correct matching conditions was also so fixed that I totally overlooked having "-D" instead of "-A" in some of my commands. Obviously they didn't work... My sincere apologies for that.

Now, I got the following working:

    iptables -t mangle -A PREROUTING --proto esp -m esp --espspi 0xc522b7f3 -j MARK --set-mark 1

I tried to transform that to

    iptables -t mangle -A PREROUTING --proto esp -m policy --spi 0xc522b7f3 -j MARK --dir in --set-mark 1

But then it does not work anymore. Is there any fundamental difference between those conditions that I do not understand?

Note: My original target was to use reqid instead of spi, because I can fix the reqid and the firewall rules should be independent of IKE...

Regards,
Steffen