On 2018-01-25 12:35 PM, Hoggins! wrote:
> I'm just trying to make sure that I'm able to fine select different
> types of traffic on outbound UDP 4500 (we use NAT-T), and right now it
> seems that I'm still also catching "data" packets.

Maybe you can configure IPtables to look for those 4 bytes of 0s [1] when the UDP/4500 packet is an IKE one?

[1] https://docs.microsoft.com/en-us/windows-hardware/drivers/network/udp-esp-encapsulation-types

HTH,
Simon
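The marker check suggested above, as an added example that is not part of the original message: a Python classifier that separates IKE, ESP "data" and NAT keepalive packets on UDP/4500 using the RFC 3948 framing (four zero bytes before IKE, a single 0xFF byte for keepalives, a non-zero SPI for ESP). The function names, addresses and sample payloads are constructed for illustration.

```python
import struct

NON_ESP_MARKER = b"\x00\x00\x00\x00"  # RFC 3948: precedes every IKE message on UDP/4500
NAT_KEEPALIVE = b"\xff"               # RFC 3948: one-byte keepalive payload

def classify_natt(packet: bytes) -> str:
    """Classify a raw IPv4 packet as 'ike', 'esp', 'keepalive' or 'other'."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "other"
    # Same offset arithmetic as an iptables u32 test such as "0>>22&0x3C@8=0":
    # skip the variable-length IPv4 header, then the 8-byte UDP header.
    ihl = (packet[0] & 0x0F) * 4
    frag_offset = struct.unpack_from("!H", packet, 6)[0] & 0x1FFF
    if ihl < 20 or packet[9] != 17 or frag_offset != 0 or len(packet) < ihl + 8:
        return "other"  # not UDP, or a non-first fragment with no UDP header
    sport, dport, udp_len = struct.unpack_from("!HHH", packet, ihl)
    if 4500 not in (sport, dport):
        return "other"
    payload = packet[ihl + 8 : ihl + udp_len]
    if payload == NAT_KEEPALIVE:
        return "keepalive"
    if len(payload) < 4:
        return "other"
    # ESP starts with the SPI, which is never zero, so four zero bytes mean IKE.
    return "ike" if payload[:4] == NON_ESP_MARKER else "esp"

def build_packet(payload: bytes, options: bytes = b"") -> bytes:
    """Build a constructed IPv4/UDP packet on port 4500 (checksums left at 0)."""
    ihl_words = 5 + len(options) // 4
    udp = struct.pack("!HHHH", 4500, 4500, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl_words, 0,
                     ihl_words * 4 + len(udp), 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1]))
    return ip + options + udp

# Constructed sample payloads (not captured traffic).
IKE_SAMPLE = NON_ESP_MARKER + bytes(28)               # marker + dummy IKE header
ESP_SAMPLE = struct.pack("!II", 0xC0FFEE01, 1) + bytes(16)  # SPI, sequence, data

if __name__ == "__main__":
    for name, data in [("ike", IKE_SAMPLE), ("esp", ESP_SAMPLE), ("ka", NAT_KEEPALIVE)]:
        print(name, "->", classify_natt(build_packet(data)))
```
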