Hi,

What's the best way to translate these iptables rules to Shorewall?

iptables -I INPUT -m addrtype --dst-type LOCAL -m policy --pol ipsec
--dir in -j NFLOG --nflog-group 5
iptables -I OUTPUT -m policy --pol ipsec --dir out -j NFLOG --nflog-group 5

The idea is to be able to monitor IPSec traffic with tools such as
tcpdump -i nflog:5.

Ref. https://docs.strongswan.org/strongswan-docs/5.9/install/trafficDumps.html

Regards,

Vieri


_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to