[strongSwan] Why is strongswan keeping so many entries in my iptables?????

Adrian Milanoski amilanoski at blackberry.com
Thu Mar 6 17:31:11 CET 2014


I have a giant list here...... Why is this happening?

# iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  10.244.134.24        0.0.0.0/0            policy match dir in pol ipsec reqid 333 proto 50
ACCEPT     all  --  0.0.0.0/0            10.244.134.24        policy match dir out pol ipsec reqid 333 proto 50
ACCEPT     all  --  10.244.134.23        0.0.0.0/0            policy match dir in pol ipsec reqid 331 proto 50
ACCEPT     all  --  0.0.0.0/0            10.244.134.23        policy match dir out pol ipsec reqid 331 proto 50
ACCEPT     all  --  10.244.134.24        0.0.0.0/0            policy match dir in pol ipsec reqid 329 proto 50
ACCEPT     all  --  0.0.0.0/0            10.244.134.24        policy match dir out pol ipsec reqid 329 proto 50
ACCEPT     all  --  10.244.134.22        0.0.0.0/0            policy match dir in pol ipsec reqid 328 proto 50
ACCEPT     all  --  0.0.0.0/0            10.244.134.22        policy match dir out pol ipsec reqid 328 proto 50
ACCEPT     all  --  10.244.134.22        0.0.0.0/0            policy match dir in pol ipsec reqid 327 proto 50
ACCEPT     all  --  0.0.0.0/0            10.244.134.22        policy match dir out pol ipsec reqid 327 proto 50
ACCEPT     all  --  10.244.134.22        0.0.0.0/0            policy match dir in pol ipsec reqid 326 proto 50
ACCEPT     all  --  0.0.0.0/0            10.244.134.22        policy match dir out pol ipsec reqid 326 proto 50
ACCEPT     all  --  10.244.134.22        0.0.0.0/0            policy match dir in pol ipsec reqid 325 proto 50
ACCEPT     all  --  0.0.0.0/0            10.244.134.22        policy match dir out pol ipsec reqid 325 proto 50
ACCEPT     all  --  10.244.134.22        0.0.0.0/0            policy match dir in pol ipsec reqid 324 proto 50
ACCEPT     all  --  0.0.0.0/0            10.244.134.22        policy match dir out pol ipsec reqid 324 proto 50
ACCEPT     all  --  10.244.134.22        0.0.0.0/0            policy match dir in pol ipsec reqid 322 proto 50
ACCEPT     all  --  0.0.0.0/0            10.244.134.22        policy match dir out pol ipsec reqid 322 proto 50
ACCEPT     all  --  10.244.134.22        0.0.0.0/0            policy match dir in pol ipsec reqid 321 proto 50
ACCEPT     all  --  0.0.0.0/0            10.244.134.22        policy match dir out pol ipsec reqid 321 proto 50
ACCEPT     all  --  10.244.134.22        0.0.0.0/0            policy match dir in pol ipsec reqid 319 proto 50
ACCEPT     all  --  0.0.0.0/0            10.244.134.22        policy match dir out pol ipsec reqid 319 proto 50
ACCEPT     all  --  10.244.134.22        0.0.0.0/0            policy match dir in pol ipsec reqid 317 proto 50
ACCEPT     all  --  0.0.0.0/0            10.244.134.22        policy match dir out pol ipsec reqid 317 proto 50
ACCEPT     all  --  10.244.134.22        0.0.0.0/0            policy match dir in pol ipsec reqid 316 proto 50
ACCEPT     all  --  0.0.0.0/0            10.244.134.22        policy match dir out pol ipsec reqid 316 proto 50
ACCEPT     all  --  10.244.134.22        0.0.0.0/0            policy match dir in pol ipsec reqid 315 proto 50
ACCEPT     all  --  0.0.0.0/0            10.244.134.22        policy match dir out pol ipsec reqid 315 proto 50
ACCEPT     all  --  10.244.134.23        0.0.0.0/0            policy match dir in pol ipsec reqid 313 proto 50
ACCEPT     all  --  0.0.0.0/0            10.244.134.23        policy match dir out pol ipsec reqid 313 proto 50
ACCEPT     all  --  10.244.134.22        0.0.0.0/0            policy match dir in pol ipsec reqid 312 proto 50
ACCEPT     all  --  0.0.0.0/0            10.244.134.22        policy match dir out pol ipsec reqid 312 proto 50
ACCEPT     all  --  10.244.134.22        0.0.0.0/0            policy match dir in pol ipsec reqid 311 proto 50
ACCEPT     all  --  0.0.0.0/0            10.244.134.22        policy match dir out pol ipsec reqid 311 proto 50
ACCEPT     all  --  10.244.134.22        0.0.0.0/0            policy match dir in pol ipsec reqid 309 proto 50
ACCEPT     all  --  0.0.0.0/0            10.244.134.22        policy match dir out pol ipsec reqid 309 proto 50
ACCEPT     all  --  10.244.134.22        0.0.0.0/0            policy match dir in pol ipsec reqid 306 proto 50
ACCEPT     all  --  0.0.0.0/0            10.244.134.22        policy match dir out pol ipsec reqid 306 proto 50
ACCEPT     all  --  10.244.134.22        0.0.0.0/0            policy match dir in pol ipsec reqid 305 proto 50
ACCEPT     all  --  0.0.0.0/0            10.244.134.22        policy match dir out pol ipsec reqid 305 proto 50

Regards,

Adrian Milanoski
Lab Administrator
BBOS WiFI VPN. Security Testing - R&D
Tel.(289) 261-5801 | Cel: (647) 289-261-5801
Email: amilanoski at blackberry.com
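The rules in the listing above have the shape strongSwan's default `_updown` script inserts when `leftfirewall=yes` is set: one `dir in` and one `dir out` ACCEPT rule per CHILD_SA, keyed by its reqid, and removed only when the matching down event runs. The following is an added example, not code from the post or from strongSwan: it parses a constructed subset of the `iptables -L -n` output, compares each reqid against a constructed set of reqids that still have a live CHILD_SA (assumed to be taken from `ipsec statusall` or `ip xfrm state` on the gateway), and emits positional `iptables -D FORWARD N` commands for review, highest position first so earlier numbers stay valid. It deletes by position because `iptables -L -n` does not show the `-i`/`-o` interface the original rules were inserted with, so a spec-based delete would not match.

```python
import re
from collections import namedtuple

Rule = namedtuple("Rule", "chain position direction src dst reqid")

# Matches the per-CHILD_SA rules the _updown script adds (proto 50 = ESP).
UPDOWN_RE = re.compile(
    r"^ACCEPT\s+all\s+--\s+(\S+)\s+(\S+)\s+policy match dir (in|out) "
    r"pol ipsec reqid (\d+) proto 50$"
)

# Constructed sample: a subset of the FORWARD chain from the post.
SAMPLE_LISTING = """\
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  10.244.134.24        0.0.0.0/0            policy match dir in pol ipsec reqid 333 proto 50
ACCEPT     all  --  0.0.0.0/0            10.244.134.24        policy match dir out pol ipsec reqid 333 proto 50
ACCEPT     all  --  10.244.134.23        0.0.0.0/0            policy match dir in pol ipsec reqid 331 proto 50
ACCEPT     all  --  0.0.0.0/0            10.244.134.23        policy match dir out pol ipsec reqid 331 proto 50
ACCEPT     all  --  10.244.134.22        0.0.0.0/0            policy match dir in pol ipsec reqid 328 proto 50
ACCEPT     all  --  0.0.0.0/0            10.244.134.22        policy match dir out pol ipsec reqid 328 proto 50
"""

# Constructed: reqids that still show a CHILD_SA (assumed source: ipsec statusall).
ACTIVE_REQIDS = {333}

def parse_listing(text):
    """Parse `iptables -L -n` output and return the updown-style rules with
    their 1-based position in their chain (what `iptables -D CHAIN N` needs)."""
    rules, chain, pos = [], None, 0
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("Chain "):
            chain, pos = line.split()[1], 0
            continue
        if line.startswith("target"):
            continue  # column header line
        pos += 1  # every rule line counts toward the position, matching or not
        m = UPDOWN_RE.match(line)
        if m:
            src, dst, direction, reqid = m.groups()
            rules.append(Rule(chain, pos, direction, src, dst, int(reqid)))
    return rules

def stale_rules(rules, active_reqids):
    """Rules whose reqid no longer has a live CHILD_SA (down event never ran)."""
    return [r for r in rules if r.reqid not in active_reqids]

def delete_commands(stale):
    """Positional deletes, highest position first, for review before running."""
    ordered = sorted(stale, key=lambda r: (r.chain, -r.position))
    return [f"iptables -D {r.chain} {r.position}" for r in ordered]

if __name__ == "__main__":
    stale = stale_rules(parse_listing(SAMPLE_LISTING), ACTIVE_REQIDS)
    print("\n".join(delete_commands(stale)))
```

On a live gateway, run it against `iptables -L FORWARD -n` captured at the same moment as the active reqid list, since a CHILD_SA that comes up between the two captures would otherwise be flagged as stale.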
From: Adrian Milanoski
Sent: Wednesday, March 05, 2014 9:17 PM
To: Adrian Milanoski; users at lists.strongswan.org
Subject: RE: [strongSwan] Why is strongswan keeping so many entries in my iptables?????

Any update on why this is happening?

Regards,

Adrian Milanoski


From: users-bounces at lists.strongswan.org [mailto:users-bounces at lists.strongswan.org] On Behalf Of Adrian Milanoski
Sent: Tuesday, March 04, 2014 5:50 PM
To: users at lists.strongswan.org
Subject: [strongSwan] Why is strongswan keeping so many entries in my iptables?????

Hi list,

I have 300+ entries in my iptables -L and restarting strongswan doesn't clear them, and it is a production GW that I cannot simply restart. How can I resolve this? And why is it happening, so I can resolve it for the future?

Thanks in advance

Regards,

Adrian Milanoski