xt_policy: output policy not valid in PRE_ROUTING and INPUT
Krzysztof Oledzki
ole at ans.pl
Mon Aug 6 14:41:13 CEST 2007
On Mon, 6 Aug 2007, Patrick McHardy wrote:
> Krzysztof Oledzki wrote:
>> Hello,
>>
>> Is there any reason why it is not possible to use "-m policy --dir out"
>> in PREROUTING? I tried to do something like:
>>
>> -A PREROUTING -m policy --dir out --pol ipsec -j RETURN
>> -A PREROUTING -p tcp -i $IF_LANBR --dport 80 -j REDIRECT --to-ports 8088
>
>
> The IPsec policy is selected after routing, which is why it can't
> be used in PREROUTING.
Is there any other solution than duplicating ipsec policies with "-A
PREROUTING -s (...) -d (...) -p (...) -j RETURN"? I would like to REDIRECT
only packets that are not going through ipsec tunnels.
Best regards,
Krzysztof Olędzki