On Wed, 2013-03-27 at 14:32 +0100, Jan Engelhardt wrote: > On Wednesday 2013-03-27 10:19, Dmitry Korzhevin wrote: > > > > 1 33 2970 ACCEPT all -- eth0 * 10.2.0.2 0.0.0.0/0 policy > > match dir in pol ipsec reqid 116 proto 50 > > 2 26 10983 ACCEPT all -- * eth0 0.0.0.0/0 > > 10.2.0.2 policy match dir out pol ipsec reqid 116 proto 50 > > > > > > But, this rules is inserted automaticaly by strongswan ipsec daemon, after my > > connection.. > > So turn it off in strongswan? Or if you can't do that, then just delete the rules once they're in there, or reinsert your own rules at a higher priority. Andy -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
