[strongSwan] strange iptables behavior
Kamil Jońca
kjonca at o2.pl
Tue Jul 3 12:07:40 CEST 2018
In my updown script I have these rules:
(1) iptables -I INPUT -i ${PLUTO_INTERFACE} -s ${PLUTO_PEER} -d ${PLUTO_ME} -m policy --strict --dir in --pol ipsec --reqid $PLUTO_REQID -j ACCEPT
(2) iptables -I INPUT -i ${PLUTO_INTERFACE} -s ${PLUTO_PEER_CLIENT} -d ${PLUTO_MY_CLIENT} -m policy --strict --pol ipsec --dir in --mode tunnel --tunnel-dst ${PLUTO_ME} --next --mode tunnel --tunnel-src ${PLUTO_PEER} -j ACCEPT
The first rule works as expected, but the second does not match any packet and
there is no traffic.
The strange thing is: if I set the second rule manually later, packets match
and traffic goes on.
WTF?
KJ
--
http://wolnelektury.pl/wesprzyj/teraz/
grep me no patterns and I'll tell you no lines.