xt_policy: output policy not valid in PRE_ROUTING and INPUT

Patrick McHardy kaber at trash.net
Mon Aug 6 14:44:11 CEST 2007


Krzysztof Oledzki wrote:
> On Mon, 6 Aug 2007, Patrick McHardy wrote:
> 
>> The IPsec policy is selected after routing, which is why can't
>> be used in PREROUTING.
> 
> 
> Is there any other solution than duplicating ipsec policies with "-A
> PREROUTING -s (...) -d (...) -p (...) -j RETURN"? I would like to
> REDIRECT only packets that are not going thru ipsec tunnels.


I can't think of one.



More information about the netfilter-devel mailing list