Following up on a question that was probably too compact.

man ipsec.conf says that if mark=... is set, the mark "can be used with
iptables to create custom iptables rules using CONNMARK".

I'm pretty new to connection tracking; however, I believe the first
question is: does this work with nftables?

The second question is: which conntrack metadata is set by libreswan in
nftables? Is it "ct mark"?

Thanks in advance for any hint.

On 2/13/2022 3:11 AM, Manfred wrote:

Hi all,

I'm having trouble with the mark=... option.
ipsec accepts it nicely, but I can't match packets in the firewall
rules; also I can't find the mark in /proc/net/nf_conntrack.

Thanks in advance for any hint.

_______________________________________________
Swan mailing list
https://lists.libreswan.org/mailman/listinfo/swan