On 06/14/2011 11:59 PM, Andreas Steffen wrote: > usually the console.log shows the setup of the additional > iptables rules: > > http://www.strongswan.org/uml/testresults45/ikev2/nat-two-rw-mark/console.log
Hi Andreas and Johannes, thank you for your quick responses. I took note of the fact that console.log provides the iptables rules I was looking for, but I still think that this situation can be improved: console.log does not show the rules created automatically by /etc/mark_updown. It would be desirable to have all rules from the mangle table in one place. I would prefer iptables-save over "iptables -L" because the former outputs the rules in the format that is used by the iptables CLI. People are usually more familiar with this format. Either way, I think it would be helpful to the reader if these rules were visible no matter in which format. A shortcoming that I noticed here is that iptables-save prints the mark value in hexadecimal format which is different from the output of "ip xfrm policy" which uses a decimal representation. Thanks -Daniel _______________________________________________ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
