Imported Upstream version 5.3.4

author: Yves-Alexis Perez <corsac@debian.org> 2015-11-18 14:49:27 +0100
committer: Yves-Alexis Perez <corsac@debian.org> 2015-11-18 14:49:27 +0100
commit: 1e980d6be0ef0e243c6fe82b5e855454b97e24a4 (patch)
tree: 0d59eec2ce2ed332434ae80fc78a44db9ad293c5 /testing/tests/ikev2/mobike-nat/hosts/alice/etc
parent: 5dca9ea0e2931f0e2a056c7964d311bcc30a01b8 (diff)
download: vyos-strongswan-1e980d6be0ef0e243c6fe82b5e855454b97e24a4.tar.gz
vyos-strongswan-1e980d6be0ef0e243c6fe82b5e855454b97e24a4.zip
1 files changed, 5 insertions, 1 deletions
diff --git a/testing/tests/ikev2/mobike-nat/hosts/alice/etc/iptables.rules b/testing/tests/ikev2/mobike-nat/hosts/alice/etc/iptables.rules
index 6dd261f20..450e7cef6 100644
--- a/testing/tests/ikev2/mobike-nat/hosts/alice/etc/iptables.rules
+++ b/testing/tests/ikev2/mobike-nat/hosts/alice/etc/iptables.rules
@@ -5,11 +5,15 @@
 -P OUTPUT DROP
 -P FORWARD DROP
 
+# allow traffic on lo as ifup/ifdown call bind's rndc which accesses TCP 953
+-A OUTPUT -o lo -j ACCEPT
+-A INPUT -i lo -j ACCEPT
+
 # allow IPsec tunnel traffic
 -A INPUT  -m policy --dir in  --pol ipsec --proto esp -j ACCEPT
 -A OUTPUT -m policy --dir out --pol ipsec --proto esp -j ACCEPT
 
-# allow ESP 
+# allow ESP
 -A INPUT  -i eth0 -p 50 -j ACCEPT
 -A INPUT  -i eth1 -p 50 -j ACCEPT
 -A OUTPUT -o eth0 -p 50 -j ACCEPT
author	Yves-Alexis Perez <corsac@debian.org>	2015-11-18 14:49:27 +0100
committer	Yves-Alexis Perez <corsac@debian.org>	2015-11-18 14:49:27 +0100
commit	1e980d6be0ef0e243c6fe82b5e855454b97e24a4 (patch)
tree	0d59eec2ce2ed332434ae80fc78a44db9ad293c5 /testing/tests/ikev2/mobike-nat/hosts/alice/etc
parent	5dca9ea0e2931f0e2a056c7964d311bcc30a01b8 (diff)
download	vyos-strongswan-1e980d6be0ef0e243c6fe82b5e855454b97e24a4.tar.gz vyos-strongswan-1e980d6be0ef0e243c6fe82b5e855454b97e24a4.zip