Sorry, my last reply didn't go to the list; I will have to be more diligent about checking the To: line of the mail.

> > This is interesting. Is this data stored somewhere in /proc or /sys
> > such that I can query it regularly?
>
> I don't know. If so, it would be in "ip xfrm policy" or "ip xfrm state"
> with some additional verbosity options (and a lack of documentation :)

Okay, will see what I can find about that...

> > Can any more information besides
> > direction of the traffic be figured out (ie dst for LAN vs dst for web)?
> > or am I still having to rely on iptables to track that level of detail?
>
> No, but you could setup separate tunnels per port, eg:

I have been driving this idea around the little dirt track in my mind, I didn't realize protoport could be used in such a way... I am still thinking on how to apply it to my situation. Thanks for your input Paul, much appreciated...

> conn port80
>     leftprotoport=tcp/80
>     rightprotoport=tcp
>     also=baseconn
>
> conn port443
>     leftprotoport=tcp/443
>     rightprotoport=tcp
>     also=baseconn
>
> conn baseconn
>     yourregularstuffhere
>
> Paul

_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
