testing: Allow AH packets in default INPUT/OUTPUT chains

author Martin Willi <martin@revosec.ch>

Wed, 9 Oct 2013 13:05:46 +0000 (15:05 +0200)

committer Martin Willi <martin@revosec.ch>

Fri, 11 Oct 2013 08:15:22 +0000 (10:15 +0200)
author Martin Willi <martin@revosec.ch>
Wed, 9 Oct 2013 13:05:46 +0000 (15:05 +0200)
committer Martin Willi <martin@revosec.ch>
Fri, 11 Oct 2013 08:15:22 +0000 (10:15 +0200)
diff --git a/testing/hosts/default/etc/iptables.rules b/testing/hosts/default/etc/iptables.rules

index c3f036cf97b79ae1a24c30487fac3da1da52bf13..b69e1429e0eefe03095b7804d1070d902f5e26a4 100644 (file)
--- a/testing/hosts/default/etc/iptables.rules
+++ b/testing/hosts/default/etc/iptables.rules
@@ -9,6 +9,10 @@
  -A INPUT  -i eth0 -p 50 -j ACCEPT
  -A OUTPUT -o eth0 -p 50 -j ACCEPT
  
+# allow ah
+-A INPUT  -i eth0 -p 51 -j ACCEPT
+-A OUTPUT -o eth0 -p 51 -j ACCEPT
+
  # allow IKE
  -A INPUT  -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT
  -A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT
author	Martin Willi <martin@revosec.ch>
	Wed, 9 Oct 2013 13:05:46 +0000 (15:05 +0200)
committer	Martin Willi <martin@revosec.ch>
	Fri, 11 Oct 2013 08:15:22 +0000 (10:15 +0200)