[Openswan Users] iptables and ipsec
Andreas Stallmann
stallmann at dawin.de
Fri Feb 3 15:42:52 CET 2006
Michael Schwartzkopff wrote:
> do it with the policy module of iptables. See man iptables. Sample attached:
> $IPTABLES -A FORWARD -m policy --dir in -i eth2 --pol ipsec -m state --state NEW -j ACCEPT
Ah... I think I understand. Unfortunately, I get an error when I try to
call "ipsec -m policy -h":
/--------------------------------------/
iptables v.1.3.4: Couldn't load match 'policy':
/lib/iptables/lipipt_policy cannot open shared object file: No such file
or directory.
/--------------------------------------/
:-(
I think I'm probably lacking the necessary patch-o-matic extension:
/-----------------------------------------/
policy - iptables policy match
Author: Patrick McHardy, <kaber at trash.net>
Status: Testing
This patch adds the policy match to netfilter.
The policy match is used to match the IPsec policy
used for handling a packet.
The 2.4 version is for use with the 2.6 IPsec backport.
/-----------------------------------------/
Is that the one?
All right... I think I'm at least a step further now. Thanks a lot,
Andreas
--
dawin GmbH - Andreas Stallmann - Consultant
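
The failure in this message comes from the userspace extension library being absent, so a firewall script can check for it before emitting the policy-match rule. The following is an added example, not part of the original message or of any project's code; the function names, the `libxt_policy.so` file name used by later iptables releases, and the use of `/proc/net/ip_tables_matches` are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: preflight check for the iptables "policy" match.
# On a real host the arguments would be /lib/iptables (the path in the error
# above) and /proc/net/ip_tables_matches; both are parameters here.

# has_policy_ext DIR -> 0 if the userspace extension library is present.
# libipt_policy.so is the iptables 1.3.x name; libxt_policy.so the later one.
has_policy_ext() {
    [ -e "$1/libipt_policy.so" ] || [ -e "$1/libxt_policy.so" ]
}

# has_policy_kmatch FILE -> 0 if the kernel lists a loaded "policy" match.
has_policy_kmatch() {
    [ -r "$1" ] && grep -qx 'policy' "$1"
}

# policy_rule EXTDIR MATCHFILE IFACE
# Prints the FORWARD rule from the thread when the userspace extension exists;
# otherwise prints nothing and returns 1, so the caller can stop before
# loading a ruleset that would fail half-way through.
policy_rule() {
    extdir=$1; matchfile=$2; iface=$3
    if ! has_policy_ext "$extdir"; then
        echo "policy match extension missing in $extdir" >&2
        return 1
    fi
    if ! has_policy_kmatch "$matchfile"; then
        echo "note: kernel 'policy' match not loaded yet (may autoload)" >&2
    fi
    echo "-A FORWARD -m policy --dir in -i $iface --pol ipsec -m state --state NEW -j ACCEPT"
}

# Constructed demo: fake extension directories instead of the real system.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/with" "$tmp/without"
    : > "$tmp/with/libipt_policy.so"
    printf 'state\npolicy\n' > "$tmp/matches"
    policy_rule "$tmp/with" "$tmp/matches" eth2
    policy_rule "$tmp/without" "$tmp/matches" eth2 || echo "skipped"
    rm -rf "$tmp"
}
demo
```

The printed rule is in the argument form that follows `$IPTABLES` in the quoted command; a non-zero return means the ruleset should not be loaded until the extension is installed.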