Ronen,
If you use the RAW firewall table to accept IPENCAP traffic, 3 major things happen:
- the RAW table accepts packets without the Kernel further processing them; basically, they should exit netfilter into kmod-ipip
- if you use a program such as NetFlow (softflowd), it will not work; you must add the rule to the INPUT table (or otherwise mark them as tracked) if you wish to have records of the inbound outer headers
- you will only see a firewall hit counter for the rule in the RAW table
Be advised that ampr-ripd running in raw mode also has this behavior, except that it skips netfilter on the outer header.
73,
- Lynwood KB3VWG