On Wednesday 2013-03-27 18:52, Andrew Beverley wrote:
>> > 2 26 10983 ACCEPT all -- * eth0 0.0.0.0/0
>> > 10.2.0.2 policy match dir out pol ipsec reqid 116 proto 50
>> >
>> >
>> > But, this rule is inserted automatically by strongswan ipsec daemon, after my
>> > connection..
>>
>> So turn it off in strongswan?
>
>Or if you can't do that, then just delete the rules once they're in
>there, or reinsert your own rules at a higher priority.

Well, strongswan has this leftfirewall=yes option that probably causes
this, but I have not yet found a reason to use it, because you can just
use -m policy on your own. While you do not know the reqid, it probably
does not matter because strongswan would add ACCEPT rules for all of
them anyway.
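
A sketch of hand-written `-m policy` rules of the kind the reply describes, added here as an example and not part of the original message or of strongSwan. The interface `eth0` and peer `10.2.0.2` are taken from the quoted rule; the function name, the TCP port 443 restriction and the trailing DROP rules are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. eth0 and 10.2.0.2 come from the quoted
# rule; own_ipsec_rules and TCP port 443 are hypothetical sample choices.

# Dry run by default: the commands are printed, not executed.
# Run with IPT=iptables (as root) to apply them.
IPT="${IPT:-echo iptables}"

# own_ipsec_rules IFACE PEER PORT
# Hand-written replacement for the blanket ACCEPT that is inserted
# automatically, for use with leftfirewall turned off.
own_ipsec_rules() {
    iface=$1 peer=$2 port=$3

    # Same match as the quoted rule (dir out, pol ipsec, proto 50 = ESP),
    # but without --reqid, so it does not depend on the reqid the daemon
    # assigns, and narrowed to one service instead of "all".
    $IPT -A FORWARD -o "$iface" -d "$peer" -p tcp --dport "$port" \
        -m policy --dir out --pol ipsec --proto esp -j ACCEPT

    # Return traffic that arrived through the tunnel (decapsulated ESP).
    $IPT -A FORWARD -i "$iface" -s "$peer" -p tcp --sport "$port" \
        -m policy --dir in --pol ipsec --proto esp -j ACCEPT

    # Everything else to or from the peer is dropped, whether or not it
    # would have been protected by IPsec.
    $IPT -A FORWARD -o "$iface" -d "$peer" -j DROP
    $IPT -A FORWARD -i "$iface" -s "$peer" -j DROP
}

own_ipsec_rules eth0 10.2.0.2 443
```

Because the rules are appended with `-A`, they only take effect as intended once the automatically inserted ACCEPT rules are no longer placed ahead of them.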