Hi, What's the best way to translate these iptables rules to Shorewall?
iptables -I INPUT -m addrtype --dst-type LOCAL -m policy --pol ipsec --dir in -j NFLOG --nflog-group 5 iptables -I OUTPUT -m policy --pol ipsec --dir out -j NFLOG --nflog-group 5 The idea is to be able to monitor IPSec traffic with tools such as tcpdump -i nflog:5. Ref. https://docs.strongswan.org/strongswan-docs/5.9/install/trafficDumps.html Regards, Vieri _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users