I have an iptables match, -m policy --dir out --pol ipsec --mode tunnel --tunnel-src 1.1.1.2 --tunnel-dst 1.1.1.1. I know that this match works with nftables in compatible mode as xt "policy", but I need to use the nftables syntax for this, in order to only use nft and back up from that.


Also, nftables v0.9.3 (Topsy) doesn't support the compatible mode xt "policy". I've also tried ipsec out ip saddr 1.1.1.2 ip daddr 1.1.1.1, but it didn't seem to work as expected with either this version or nftables v1.0.9 (Old Doc Yak #3).

1 Answer

Prefixes like ipsec out ... need to be repeated for both conditions. Otherwise the second one is parsed as a standalone ip daddr.

ipsec out ip saddr 1.1.1.2 ipsec out ip daddr 1.1.1.1 
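
The rule from the answer placed in a ruleset file that nft can load and back up, as an added example that is not part of the original answer. The table name, chain name, choice of the output hook and the counter/accept statements are assumptions for illustration.

```nftables
# Constructed ruleset: "ipsec_demo", "out", the output hook and the
# counter/accept statements are assumed, not taken from the question.
table ip ipsec_demo {
    chain out {
        type filter hook output priority 0; policy accept;

        # Form from the question, left commented out. Only the saddr test is
        # tied to the outbound IPsec policy; the trailing "ip daddr" is parsed
        # as a standalone match on the packet's own IPv4 destination.
        # ipsec out ip saddr 1.1.1.2 ip daddr 1.1.1.1 counter accept

        # Form from the answer. Each tunnel endpoint test carries its own
        # "ipsec out" prefix, mirroring --tunnel-src and --tunnel-dst.
        ipsec out ip saddr 1.1.1.2 ipsec out ip daddr 1.1.1.1 counter accept
    }
}
```

The file can be syntax-checked without applying it using nft -c -f, and the loaded rules can be saved again with nft list ruleset.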
