[Openswan Users] iptables and ipsec

Andreas Stallmann stallmann at dawin.de
Fri Feb 3 15:42:52 CET 2006


Michael Schwartzkopff wrote:
> do it with the policy module of iptables. See man iptables. Sample attached:

> $IPTABLES -A FORWARD -m policy --dir in -i eth2 --pol ipsec -m state --state NEW -j ACCEPT

Ah... I think I understand. Unfortunately, I get an error when I try to
call "ipsec -m policy -h":

/--------------------------------------/
iptables v.1.3.4: Couldn't load match 'policy': 
/lib/iptables/lipipt_policy cannot open shared object file: No such file 
or directory.
/--------------------------------------/

:-(

I think I'm probably lacking the necessary patch-o-matic extension:

/-----------------------------------------/
policy - iptables policy match
Author: Patrick McHardy, <kaber at trash.net>
Status: Testing

This patch adds the policy match to netfilter.

The policy match is used to match the IPsec policy
used for handling a packet.

The 2.4 version is for use with the 2.6 IPsec backport.
/-----------------------------------------/

Is that the one?

All right... I think I'm at least a step further now. Thanks a lot,

Andreas
-- 
dawin GmbH - Andreas Stallmann - Consultant
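
The failure discussed in this message, as an added example that is not part of the original post or of iptables itself: a shell check that separates the two things the policy match needs, the kernel-side match and the userspace extension library, so a firewall script can refuse to load IPsec rules when either is missing. The function name `policy_match_status`, the use of `/proc/net/ip_tables_matches`, and the library file names `libipt_policy.so` / `libxt_policy.so` are assumptions; the default library directory is the one shown in the error message above.

```shell
#!/bin/sh
# Added example: report whether the iptables "policy" match is usable.
# Both paths are parameters so the check can be run against test fixtures.
#
# policy_match_status [MATCHES_FILE] [LIBDIR]
# Prints one of:
#   ok            kernel match registered and userspace library present
#   no-userspace  kernel has the match, iptables cannot load it
#                 (the "Couldn't load match 'policy'" case above)
#   no-kernel     library present, match not registered in the kernel
#                 (module not built or not yet loaded)
#   none          neither side is available
policy_match_status() {
    matches_file=${1:-/proc/net/ip_tables_matches}  # assumed kernel interface
    libdir=${2:-/lib/iptables}                      # directory from the error message
    kernel=no
    userspace=no

    # Kernel side: a registered match is listed by name, one per line.
    if [ -r "$matches_file" ] && grep -qx 'policy' "$matches_file"; then
        kernel=yes
    fi

    # Userspace side: the extension is a shared object in the iptables
    # library directory (assumed names for older and newer releases).
    for lib in "$libdir/libipt_policy.so" "$libdir/libxt_policy.so"; do
        if [ -f "$lib" ]; then
            userspace=yes
        fi
    done

    case "$kernel/$userspace" in
        yes/yes) echo ok ;;
        yes/no)  echo no-userspace ;;
        no/yes)  echo no-kernel ;;
        *)       echo none ;;
    esac
}

# Run stand-alone: print the status for this host (or for the given paths).
policy_match_status "$@"
```

A firewall script can call this before adding the `-m policy` rule and abort on anything other than `ok`, rather than continuing with a ruleset that lacks the IPsec check.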

