Hello,
I'm running into a problem using the "ipsec" expressions
with nftables.
IPSEC EXPRESSIONS
ipsec {in | out} [ spnum NUM ] {reqid | spi}
ipsec {in | out} [ spnum NUM ] {ip | ip6} {saddr | daddr}
An ipsec expression refers to ipsec data
associated with a packet.
The in or out keyword needs to be
used to specify if the expression should examine inbound or
outbound policies. The in keyword can be used in the
prerouting, input and forward hooks. The out keyword
applies to forward, output and postrouting hooks. The optional
keyword spnum can be used to match a specific state in a
chain, it defaults to 0.

Table 34. Ipsec expression types

Keyword | Description                       | Type
--------+-----------------------------------+--------------------
reqid   | Request ID                        | integer (32 bit)
spi     | Security Parameter Index          | integer (32 bit)
saddr   | Source address of the tunnel      | ipv4_addr/ipv6_addr
daddr   | Destination address of the tunnel | ipv4_addr/ipv6_addr
https://manpages.debian.org/buster-backports/nftables/nft.8.en.html
I'm using the kernel linux-image-5.2.0-0.bpo.3-amd64
(5.2.17-1~bpo10+1) with nftables (0.9.2-1~bpo10+1), which
uses libnftnl11 (1.1.4-1~bpo10+1).
Judging by this post: https://serverfault.com/questions/971735/how-to-match-reqid-in-nftables,
all the requirements seem to be met.
Yet nft returns the error: "Error: Could not process rule:
No such file or directory", as if the feature were not
implemented.
Does anyone have an idea?
Regards.
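An added example to exercise the ipsec expressions from the manual excerpt above and to narrow down where the error comes from; this is not code from the original post or from the nftables project. The user-space side (nft 0.9.2 and libnftnl 1.1.4) only parses the expression; the kernel side is the nft_xfrm module (CONFIG_NFT_XFRM, present since Linux 4.20), and when the kernel cannot find the expression's module it rejects the rule with ENOENT, which nft prints as "Could not process rule: No such file or directory". The script writes a small ruleset using `ipsec in`/`ipsec out` with reqid, spi, spnum and the tunnel source address, syntax-checks it with `nft -c` (which hands the transaction to the kernel without committing it, so the same error would show up without touching the live ruleset), and reports whether CONFIG_NFT_XFRM is enabled in the running kernel. The table and chain names, the reqid and spi values and the 192.0.2.0/24 peer network are constructed for the example.

```shell
#!/bin/sh
# Added example: not from the original post or from the nftables project.
# Writes a ruleset that uses the ipsec expressions, syntax-checks it with
# `nft -c` when nft is installed, and checks whether the kernel side of the
# expression (nft_xfrm, CONFIG_NFT_XFRM) is available on this machine.
# Table/chain names, reqid/spi values and 192.0.2.0/24 are constructed.

# Write the demo ruleset to the path given as $1 and print that path.
write_ipsec_ruleset() {
    cat > "$1" <<'EOF'
table inet ipsec_demo {
    chain input {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        iif lo accept
        # IKE and ESP have to reach the host before any SA can match.
        udp dport { 500, 4500 } accept
        ip protocol esp accept
        # Drop decapsulated traffic whose tunnel (outer) source address is
        # not our expected peer network. Non-IPsec packets do not match the
        # ipsec expression at all, so they are unaffected by this rule.
        ipsec in ip saddr != 192.0.2.0/24 drop
        # Accept what the inbound SA with reqid 1 delivered.
        ipsec in reqid 1 accept
    }
    chain forward {
        type filter hook forward priority 0; policy drop;
        # Forward only what an outbound policy with reqid 1 will encrypt.
        ipsec out reqid 1 accept
        # spnum selects a state in a bundle; the default is spnum 0.
        ipsec out spnum 1 spi 0x1234 counter
    }
}
EOF
    echo "$1"
}

# Return 0 if CONFIG_NFT_XFRM is built in or a module, 1 if the running
# kernel's config says it is absent, 2 if this cannot be determined here.
check_nft_xfrm_support() {
    cfg="/boot/config-$(uname -r)"
    if [ -r "$cfg" ]; then
        grep -q '^CONFIG_NFT_XFRM=[ym]$' "$cfg" && return 0
        return 1
    fi
    if command -v modinfo >/dev/null 2>&1; then
        modinfo nft_xfrm >/dev/null 2>&1 && return 0
    fi
    return 2
}

# Validate the ruleset without committing it. `nft -c` sends the transaction
# to the kernel in check mode, so a missing nft_xfrm still surfaces as
# "Could not process rule: No such file or directory" while the live ruleset
# stays untouched. Returns nft's exit status, or 127 if nft is not installed.
check_ruleset_syntax() {
    command -v nft >/dev/null 2>&1 || return 127
    nft -c -f "$1"
}

# Manual run: IPSEC_DEMO_RUN=1 sh ipsec_demo.sh
if [ "${IPSEC_DEMO_RUN:-0}" = 1 ]; then
    f=$(write_ipsec_ruleset "${TMPDIR:-/tmp}/ipsec_demo.nft")
    rc=0; check_nft_xfrm_support || rc=$?
    case "$rc" in
        0) echo "kernel: CONFIG_NFT_XFRM enabled" ;;
        1) echo "kernel: CONFIG_NFT_XFRM missing, ipsec expressions will fail" ;;
        *) echo "kernel: could not determine CONFIG_NFT_XFRM" ;;
    esac
    rc=0; check_ruleset_syntax "$f" || rc=$?
    echo "nft -c exit status: $rc (127 = nft not installed)"
fi
```

If `check_nft_xfrm_support` reports the option missing while nft itself accepts the syntax, the failure is on the kernel side rather than in nft or libnftnl, and the version check from the serverfault post is not enough on its own.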