@ttzforj, I understand the need for a userspace implementation when using OpenVZ (LXC too?) but for iptables, are you aware of the policy module? I find it very useful and relatively easy to use:
# Allow only SSH when over IPsec iptables -A INPUT -p tcp --dport 22 -m policy --dir in --pol ipsec -j ACCEPT iptables -A INPUT -p tcp --dport 22 -j REJECT Regards, Simon -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1309594 Title: kernel-libipsec not loading To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1309594/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
