From: Martin Willi <martin@revosec.ch>
Date: Wed, 9 Oct 2013 13:05:46 +0000 (+0200)
Subject: testing: Allow AH packets in default INPUT/OUTPUT chains
X-Git-Tag: 5.1.1rc1~48^2~5
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=71d468ec90de729b3bf1dd1d4bb9aaf3daaf22ae;p=thirdparty%2Fstrongswan.git

testing: Allow AH packets in default INPUT/OUTPUT chains
---

diff --git a/testing/hosts/default/etc/iptables.rules b/testing/hosts/default/etc/iptables.rules
index c3f036cf97..b69e1429e0 100644
--- a/testing/hosts/default/etc/iptables.rules
+++ b/testing/hosts/default/etc/iptables.rules
@@ -9,6 +9,10 @@
 -A INPUT  -i eth0 -p 50 -j ACCEPT
 -A OUTPUT -o eth0 -p 50 -j ACCEPT
 
+# allow ah
+-A INPUT  -i eth0 -p 51 -j ACCEPT
+-A OUTPUT -o eth0 -p 51 -j ACCEPT
+
 # allow IKE
 -A INPUT  -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT
 -A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT