[strongSwan] strongSwan and FireHOL - conflicting use of marks?

Noel Kuntze noel.kuntze+strongswan-users-ml at thermi.consulting
Wed Sep 27 02:01:33 CEST 2017

That can only be solved by making some code changes and adding options.
The solution to that would be to enable the configuration of a fixed range and a mask for the netfilter marks.
That way charon and FireHOL can store information in different bits of the mark field.

A workaround is not possible.

Kind regards


On 24.09.2017 17:43, Whit Blauvelt wrote:
> There's a well-detailed exploration of apparently conflicting use of the
> Netfilter mangle table by strongSwan and FireHOL by unki at
> https://github.com/firehol/firehol/issues/130.
> Are there any opinions here on how to resolve that conflict without
> impairing the functionality of either? With both increasingly used, it will
> be good if any necessary workarounds in combining them can be documented.
> Thanks,
> Whit

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20170927/ff30c436/attachment.sig>

More information about the Users mailing list