Edit history
Revision by ValdikSS, (current version):
iptables has a policy matcher; you can drop packets without policy --pol ipsec that are headed to the IP addresses you need.
policy
This module matches the policy used by IPsec for handling a packet.
--dir {in|out}
Used to select whether to match the policy used for decapsulation or the policy that will be used for encapsulation. in is valid in the PREROUTING, INPUT and FORWARD chains, out is valid
in the POSTROUTING, OUTPUT and FORWARD chains.
--pol {none|ipsec}
Matches if the packet is subject to IPsec processing. --pol none cannot be combined with --strict.
UPD: ah, Mikrotik, then I can't help with that.
Original version by ValdikSS, :
iptables has a policy matcher; you can drop packets without policy --pol ipsec that are headed to the IP addresses you need.
policy
This module matches the policy used by IPsec for handling a packet.
--dir {in|out}
Used to select whether to match the policy used for decapsulation or the policy that will be used for encapsulation. in is valid in the PREROUTING, INPUT and FORWARD chains, out is valid
in the POSTROUTING, OUTPUT and FORWARD chains.
--pol {none|ipsec}
Matches if the packet is subject to IPsec processing. --pol none cannot be combined with --strict.
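
The rule described in the post above, as an added example that is not part of the original post: a dry-run generator for iptables rules that drop traffic to chosen destinations unless it is subject to IPsec. The function names, the peer exemption for IKE/ESP and all addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: prints (does not apply) iptables rules so that traffic to the
# listed destinations leaves this host only when IPsec will encapsulate it.
# All addresses are constructed samples from the documentation ranges.

# Accept only plain IPv4 addresses or CIDR blocks, so a malformed entry can
# never become extra iptables arguments.
valid_dest() {
    case "$1" in
        ''|*[!0-9./]*) return 1 ;;
        *) return 0 ;;
    esac
}

# ipsec_only_rules PEER DEST...
# Assumption: PEER is the IPsec gateway. Its IKE (UDP 500/4500) and ESP
# packets are accepted first so the tunnel can still be negotiated when PEER
# itself falls inside one of the DEST ranges.
ipsec_only_rules() {
    peer=$1; shift
    valid_dest "$peer" || { echo "invalid peer: $peer" >&2; return 1; }
    echo "iptables -A OUTPUT -d $peer -p udp -m multiport --dports 500,4500 -j ACCEPT"
    echo "iptables -A OUTPUT -d $peer -p esp -j ACCEPT"
    for dest in "$@"; do
        if ! valid_dest "$dest"; then
            echo "skipping invalid destination: $dest" >&2
            continue
        fi
        # --dir out is valid in OUTPUT and FORWARD; --pol none matches packets
        # that are not subject to IPsec processing, and those are dropped.
        for chain in OUTPUT FORWARD; do
            echo "iptables -A $chain -d $dest -m policy --dir out --pol none -j DROP"
        done
    done
}

# Dry run: review the output, then pipe it to sh as root to apply.
ipsec_only_rules 203.0.113.1 192.0.2.10 198.51.100.0/24
```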