Hello,

ESP based IPsec tunnel (strongswan) is established between systems A and B. A's outer IP is 10.3.20.10 and its inner header IP is 172.16.2.11.

At system B's input, I want to drop ESP fragments coming from system A.

    iptables -A INPUT -f -p 50 -m esp -j DROP

doesn't seem to work. The fragments aren't dropped. Could you please tell me what is going wrong here?

    10.3.20.10
    +-------+                                 +-------+
    |       |172.16.2.11           10.3.15.20 |       | 192.168.2.x/24
    |   A   0==============================0   B   0===
    |       |                                 |       |
    +-------+                                 +-------+

-TSR