-diff -Naur strongswan-4.3.6.org/src/_updown_espmark/_updown_espmark strongswan-4.3.6/src/_updown_espmark/_updown_espmark
---- strongswan-4.3.6.org/src/_updown_espmark/_updown_espmark 2009-09-27 21:50:42.000000000 +0200
-+++ strongswan-4.3.6/src/_updown_espmark/_updown_espmark 2010-03-15 18:52:28.000000000 +0100
-@@ -247,10 +247,10 @@
- ESP_MARK=50
-
- # add the following static rule to the INPUT chain in the mangle table
--# iptables -t mangle -A INPUT -p 50 -j MARK --set-mark 50
-+# iptables -t mangle -A IPSECINPUT -p 50 -j MARK --set-mark 50
-
- # NAT traversal via UDP encapsulation is supported with the rule
--# iptables -t mangle -A INPUT -p udp --dport 4500 -j MARK --set-mark 50
-+# iptables -t mangle -A IPSECINPUT -p udp --dport 4500 -j MARK --set-mark 50
-
- # in the presence of KLIPS and ipsecN interfaces do not use ESP mark rules
- if [ `echo "$PLUTO_INTERFACE" | grep "ipsec"` ]
-@@ -325,10 +325,10 @@
- up-host:*)
- # connection to me coming up
- # If you are doing a custom version, firewall commands go here.
-- iptables -I INPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
-+ iptables -I IPSECINPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
- -s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $S_PEER_PORT \
- -d $PLUTO_ME $D_MY_PORT $CHECK_MARK -j ACCEPT
-- iptables -I OUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
-+ iptables -I IPSECOUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
- -s $PLUTO_ME $S_MY_PORT \
- -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $D_PEER_PORT -j ACCEPT
- #
-@@ -346,10 +346,10 @@
- # If you are doing a custom version, firewall commands go here.
- # connection to me going down
- # If you are doing a custom version, firewall commands go here.
-- iptables -D INPUT -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
-+ iptables -D IPSECINPUT -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
- -s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $S_PEER_PORT \
- -d $PLUTO_ME $D_MY_PORT $CHECK_MARK -j ACCEPT
-- iptables -D OUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
-+ iptables -D IPSECOUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
- -s $PLUTO_ME $S_MY_PORT \
- -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $D_PEER_PORT -j ACCEPT
- #
-@@ -365,10 +365,10 @@
- up-client:)
- # connection to my client subnet coming up
- # If you are doing a custom version, firewall commands go here.
-- iptables -I FORWARD 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
-+ iptables -I IPSECFORWARD 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
- -s $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $S_MY_PORT \
- -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $D_PEER_PORT -j ACCEPT
-- iptables -I FORWARD 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
-+ iptables -I IPSECFORWARD 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
- -s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $S_PEER_PORT \
- -d $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $D_MY_PORT \
- $CHECK_MARK -j ACCEPT
-@@ -385,10 +385,10 @@
- down-client:)
- # connection to my client subnet going down
- # If you are doing a custom version, firewall commands go here.
-- iptables -D FORWARD -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
-+ iptables -D IPSECFORWARD -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
- -s $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $S_MY_PORT \
- -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $D_PEER_PORT -j ACCEPT
-- iptables -D FORWARD -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
-+ iptables -D IPSECFORWARD -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
- -s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $S_PEER_PORT \
- -d $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $D_MY_PORT \
- $CHECK_MARK -j ACCEPT