[strongSwan] Test framework not showing iptables rules in tables other than 'filter'

Daniel Mentz danielml+mailinglists.strongswan at sent.com
Thu Jun 16 07:11:39 CEST 2011

On 06/14/2011 11:59 PM, Andreas Steffen wrote:
> usually the console.log shows the setup of the additional
> iptables rules:
> http://www.strongswan.org/uml/testresults45/ikev2/nat-two-rw-mark/console.log

Hi Andreas and Johannes,

thank you for your quick responses.

I took note of the fact that console.log provides the iptables rules I 
was looking for, but I still think that this situation can be improved:

console.log does not show the rules created automatically by 
/etc/mark_updown. It would be desirable to have all rules from the 
mangle table in one place.

I would prefer iptables-save over "iptables -L" because the former 
outputs the rules in the format that is used by the iptables CLI. People 
are usually more familiar with this format.

Either way, I think it would be helpful to the reader if these rules 
were visible no matter in which format.

A shortcoming that I noticed here is that iptables-save prints the mark 
value in hexadecimal format which is different from the output of "ip 
xfrm policy" which uses a decimal representation.
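An added example, not part of the original post or of the strongSwan test framework: it groups iptables-save output by table so that mangle rules appear next to filter rules, and rewrites hex mark values as decimal so they can be compared with "ip xfrm policy". The sample input is constructed, and the function names are hypothetical.

```python
import re

# Constructed sample in iptables-save format (not output from a strongSwan test run).
SAMPLE_SAVE = """\
*mangle
:PREROUTING ACCEPT [0:0]
-A PREROUTING -s 10.3.0.1/32 -p esp -j MARK --set-mark 0xa
-A PREROUTING -s 10.3.0.2/32 -p udp -m udp --sport 4500 -j MARK --set-xmark 0xb/0xffffffff
COMMIT
*filter
:INPUT DROP [0:0]
-A INPUT -i eth0 -p esp -j ACCEPT
-A INPUT -m mark --mark 0x14 -j ACCEPT
COMMIT
"""

# A hex mark value after --mark, --set-mark or --set-xmark, with an optional /mask.
MARK_OPT = re.compile(r"(--(?:set-x?mark|mark)\s+)(0x[0-9a-fA-F]+)(/0x[0-9a-fA-F]+)?")


def rules_by_table(save_text):
    """Group the '-A' rule lines of iptables-save output under their table name."""
    tables, current = {}, None
    for line in save_text.splitlines():
        line = line.strip()
        if line.startswith("*"):          # '*mangle', '*filter', ... opens a table
            current = line[1:]
            tables[current] = []
        elif line == "COMMIT":            # closes the current table
            current = None
        elif line.startswith("-A") and current is not None:
            tables[current].append(line)
    return tables


def marks_to_decimal(rule):
    """Rewrite hex mark values as decimal; any /mask is kept unchanged."""
    return MARK_OPT.sub(
        lambda m: m.group(1) + str(int(m.group(2), 16)) + (m.group(3) or ""), rule)


def dump_all_tables(save_text):
    """Render every table's rules in one listing, marks shown in decimal."""
    out = []
    for table, rules in rules_by_table(save_text).items():
        out.append(f"[{table}]")
        out.extend("  " + marks_to_decimal(r) for r in rules)
    return "\n".join(out)


if __name__ == "__main__":
    print(dump_all_tables(SAMPLE_SAVE))
```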

