From 71d468ec90de729b3bf1dd1d4bb9aaf3daaf22ae Mon Sep 17 00:00:00 2001
From: Martin Willi <martin@revosec.ch>
Date: Wed, 9 Oct 2013 15:05:46 +0200
Subject: [PATCH] testing: Allow AH packets in default INPUT/OUTPUT chains

---
 testing/hosts/default/etc/iptables.rules | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/testing/hosts/default/etc/iptables.rules b/testing/hosts/default/etc/iptables.rules
index c3f036cf97..b69e1429e0 100644
--- a/testing/hosts/default/etc/iptables.rules
+++ b/testing/hosts/default/etc/iptables.rules
@@ -9,6 +9,10 @@
 -A INPUT  -i eth0 -p 50 -j ACCEPT
 -A OUTPUT -o eth0 -p 50 -j ACCEPT
 
+# allow ah
+-A INPUT  -i eth0 -p 51 -j ACCEPT
+-A OUTPUT -o eth0 -p 51 -j ACCEPT
+
 # allow IKE
 -A INPUT  -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT
 -A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT
-- 
2.47.3