some changes to the ikev2/nat-two-rw-mark scenario

diff --git a/testing/tests/ikev2/nat-two-rw-mark/description.txt b/testing/tests/ikev2/nat-two-rw-mark/description.txt
index 7e844a5335e08dbe04dbed898d50380e2f0c42b1..4b9f43404d040fa5a6ba2437e2ba0e1b95d303e7 100644 (file)
--- a/testing/tests/ikev2/nat-two-rw-mark/description.txt
+++ b/testing/tests/ikev2/nat-two-rw-mark/description.txt
@@ -5,8 +5,10 @@ after ESP decryption to map these subnets to 10.3.0.10 and 10.3.0.20, respective
 <p/>
 In order to differentiate between the tunnels to <b>alice</b> and <b>venus</b>, respectively,
 <b>XFRM marks</b> are defined for both the inbound and outbound IPsec SAs and policies using
-the <b>mark=</b> ipsec.conf parameter. <b>iptables -t mangle</b> rules are then used in the PREROUTING
-chain to mark the traffic to and from <b>alice</b> and <b>venus</b>, respectively.
+the <b>mark</b> parameter in ipsec.conf.
+<p/>
+<b>iptables -t mangle</b> rules are then used in the PREROUTING chain to mark the traffic to
+and from <b>alice</b> and <b>venus</b>, respectively.
 <p/>
 <b>leftfirewall=yes</b> automatically inserts iptables-based firewall rules that let pass
 the tunneled traffic. In order to test the tunnel, the NAT-ed hosts <b>alice</b> and <b>venus</b>

diff --git a/testing/tests/ikev2/nat-two-rw-mark/posttest.dat b/testing/tests/ikev2/nat-two-rw-mark/posttest.dat
index 205f644a775253495babf30cbe46e58fd5584b53..df49eb777fd6a7a9c29ea29228a39aa25dcbaaf6 100644 (file)
--- a/testing/tests/ikev2/nat-two-rw-mark/posttest.dat
+++ b/testing/tests/ikev2/nat-two-rw-mark/posttest.dat
@@ -6,6 +6,4 @@ venus::/etc/init.d/iptables stop 2> /dev/null
 sun::/etc/init.d/iptables stop 2> /dev/null
 moon::iptables -t nat -F
 moon::conntrack -F
-sun::iptables -t mangle -F
-sun::iptables -t nat -F
 sun::conntrack -F