[strongSwan] Test framework not showing iptables rules in tables other than 'filter'
Daniel Mentz
danielml+mailinglists.strongswan at sent.com
Thu Jun 16 07:11:39 CEST 2011
On 06/14/2011 11:59 PM, Andreas Steffen wrote:
> usually the console.log shows the setup of the additional
> iptables rules:
>
> http://www.strongswan.org/uml/testresults45/ikev2/nat-two-rw-mark/console.log
Hi Andreas and Johannes,
thank you for your quick responses.
I took note of the fact that console.log provides the iptables rules I
was looking for, but I still think that this situation can be improved:
console.log does not show the rules created automatically by
/etc/mark_updown. It would be desirable to have all rules from the
mangle table in one place.
I would prefer iptables-save over "iptables -L" because the former
outputs the rules in the format that is used by the iptables CLI. People
are usually more familiar with this format.
Either way, I think it would be helpful to the reader if these rules
were visible no matter in which format.
A shortcoming that I noticed here is that iptables-save prints the mark
value in hexadecimal format which is different from the output of "ip
xfrm policy" which uses a decimal representation.
Thanks
-Daniel
More information about the Users
mailing list