unclear documentation with ipsec policy matcher

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi I feel the documentation quite unclear with this matcher.

http://ipset.netfilter.org/iptables-extensions.man.html#lbBS

the bahaviour is also counter intuituitive

as an exemple
If I receive an Ipsec encapsulated Gre packet, then rule with --dir in --pol none will match ESP packet. 

and rule with --dir in --pol ipsec will match Gre packet.


By the way, what is the meaning of in/out in the forward context ?
A little documentation and explanations about why things are named the way they are would be a great enhancement.
[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux