[Openswan Users] Iptables problem (netkey)
Marco Berizzi
pupilla at hotmail.com
Fri Jan 11 03:48:15 EST 2008
Nicole Hähnel wrote:
> I don't really know which rules I've to add in my iptables script.
> I tried Peter's rules, but everything was dropped.
> But if I allow only protocol 4, excepting esp and udp 500, everything
> works fine!?
> Why?
As I said this is a known netfilter bug
(http://lists.netfilter.org/pipermail/netfilter-devel/2006-February/023420.html):
you must accept protocol 4 (and 50 + udp500/4500)
> Using klips, I never saw any protocol 4 packets.
this bug affects only netkey since >2.6.16
> What's the right way, policy match or masking packets?
if you are running >2.6.16 + iptables >1.3.5
go for policy match.
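The policy-match approach the reply recommends, as an added example that is not code from the thread: a POSIX shell function that emits, in iptables-restore syntax, rules accepting IKE (udp 500/4500) and ESP from one peer and then matching the decrypted packets by IPsec policy, with the older "accept protocol 4" workaround beside it for comparison. The interface name, peer address and tunnel mode are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread. Emits iptables rules for a
# netkey (XFRM) IPsec gateway in iptables-restore syntax.
# Assumptions: tunnel mode; external interface and peer address are passed
# as arguments. Apply with: ipsec_policy_rules eth0 203.0.113.7 | iptables-restore -n

# Keying and ESP rules shared by both variants: IKE, NAT-T and ESP from the peer only.
# $1 = external interface, $2 = peer gateway address
ipsec_base_rules() {
    echo "-A INPUT -i $1 -s $2 -p udp --dport 500 -j ACCEPT"
    echo "-A INPUT -i $1 -s $2 -p udp --dport 4500 -j ACCEPT"
    echo "-A INPUT -i $1 -s $2 -p esp -j ACCEPT"
}

# Recommended for kernel > 2.6.16 with iptables > 1.3.5: after decryption
# netkey re-injects the inner packet on the same interface, so match it by
# IPsec policy instead of accepting IP protocol 4 (IP-in-IP) wholesale.
ipsec_policy_rules() {
    ext_if=$1; peer=$2
    pol="--pol ipsec --proto esp --mode tunnel"
    echo '*filter'
    ipsec_base_rules "$ext_if" "$peer"
    echo "-A INPUT -i $ext_if -m policy --dir in $pol --tunnel-src $peer -j ACCEPT"
    echo "-A FORWARD -i $ext_if -m policy --dir in $pol --tunnel-src $peer -j ACCEPT"
    echo "-A FORWARD -o $ext_if -m policy --dir out $pol --tunnel-dst $peer -j ACCEPT"
    echo 'COMMIT'
}

# Workaround from the thread for older netkey kernels: accept protocol 4 from
# the peer as well. Note that unencrypted IP-in-IP from that address then also passes.
ipsec_proto4_rules() {
    ext_if=$1; peer=$2
    echo '*filter'
    ipsec_base_rules "$ext_if" "$peer"
    echo "-A INPUT -i $ext_if -s $peer -p 4 -j ACCEPT"
    echo 'COMMIT'
}
```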