author | Tobias Brunner <tobias@strongswan.org> | 2015-11-05 14:59:34 +0100 |
committer | Tobias Brunner <tobias@strongswan.org> | 2015-11-09 15:18:35 +0100 |
commit | 0ee4a333a8202f4bf176c87b17aa640685ec5ada (patch) | |
tree | 0da05673906970a14b1a9dae48c94ccfeeb2336a /testing/tests/ikev2/mobike-nat | |
parent | cbaafa03c7ed75df3887788fc69fa4ed2d3abb9c (diff) | |
testing: Speed up ifdown calls in ikev2/mobike scenarios
ifdown calls bind's rndc, which tries to access TCP port 953 on lo.
If these packets are dropped by the firewall we have to wait for the TCP
connections to time out, which takes quite a while.
Diffstat (limited to 'testing/tests/ikev2/mobike-nat')
-rw-r--r-- | testing/tests/ikev2/mobike-nat/hosts/alice/etc/iptables.rules | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/testing/tests/ikev2/mobike-nat/hosts/alice/etc/iptables.rules b/testing/tests/ikev2/mobike-nat/hosts/alice/etc/iptables.rules
index 6dd261f20..450e7cef6 100644
--- a/testing/tests/ikev2/mobike-nat/hosts/alice/etc/iptables.rules
+++ b/testing/tests/ikev2/mobike-nat/hosts/alice/etc/iptables.rules
@@ -5,11 +5,15 @@
 -P OUTPUT DROP
 -P FORWARD DROP
+# allow traffic on lo as ifup/ifdown call bind's rndc which accesses TCP 953
+-A OUTPUT -o lo -j ACCEPT
+-A INPUT -i lo -j ACCEPT
+
 # allow IPsec tunnel traffic
 -A INPUT -m policy --dir in --pol ipsec --proto esp -j ACCEPT
 -A OUTPUT -m policy --dir out --pol ipsec --proto esp -j ACCEPT
-# allow ESP
+# allow ESP
 -A INPUT -i eth0 -p 50 -j ACCEPT
 -A INPUT -i eth1 -p 50 -j ACCEPT
 -A OUTPUT -o eth0 -p 50 -j ACCEPT |