Re: validate IPsec outgoing packets using NFtables

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Subject: Re: validate IPsec outgoing packets using NFtables
From: Florian Westphal <fw@xxxxxxxxx>
Date: Mon, 6 Apr 2020 17:49:09 +0200
Cc: netfilter@xxxxxxxxxxxxxxx
In-reply-to: <6db313e5d1d7ff43bfbf5a3457b40059daf10c69.camel@gmail.com>
References: <6db313e5d1d7ff43bfbf5a3457b40059daf10c69.camel@gmail.com>
User-agent: Mutt/1.10.1 (2018-07-13)

Olivier Alabeatrix <oalabeatrix@xxxxxxxxx> wrote:
> The postrouting chain secpath rule never matches:
> ip saddr 172.16.11.0/24 ip daddr 172.16.12.0/24 meta secpath exists
> counter accept
> 
> What may I be doing wrong? Any help is welcomed.

Outgoing packets do not have a secpath, you will need to use
'rt ipsec exists'.

References:
- validate IPsec outgoing packets using NFtables
  - From: Olivier Alabeatrix

Prev by Date: validate IPsec outgoing packets using NFtables
Next by Date: Re: [ANNOUNCE] nftlb 0.6 release
Previous by thread: validate IPsec outgoing packets using NFtables
Next by thread: Hello, I have some questions about flowtable.
Index(es):
- Date
- Thread

[Index of Archives] [Linux Netfilter Development] [Linux Kernel Networking Development] [Netem] [Berkeley Packet Filter] [Linux Kernel Development] [Advanced Routing & Traffice Control] [Bugtraq]

Powered by Linux