On 25/11/2021 at 07:57, Antony Antony wrote:
> Hi Nicolas,
Hi Antony,

>
> On Mon, Nov 22, 2021 at 11:33:13 +0100, Nicolas Dichtel wrote:
>> When there is no policy configured on the system, the default policy is
>> checked in xfrm_route_forward. However, it was done with the wrong
>> direction (XFRM_POLICY_FWD instead of XFRM_POLICY_OUT).
>
> How can I reproduce this?
> I tried adding fwd block and no policy and that blocked the forwarded traffic.
> I ran into another issue with fwd block and tunnel. I will double check. Next week.
>
With the out default policy set to 'block' and no out policy configured, the
packets are forwarded. After my patch, packets are blocked:

$ ip xfrm policy getdefault
Default policies:
 in: accept
 fwd: accept
 out: block
$ ip xfrm policy
$

Regards,
Nicolas