ipsec _updown_espmark(8) manages routes and firewall rules


_updown_espmark is invoked by pluto when it has brought up a new connection. This script is used to insert the appropriate routing and iptables firewall entries for IPsec operation. The incoming ESP traffic must be marked by a static rule in the mangle table. The default value for the mark is 50. The interface to the script is documented in the pluto man page.


Man page written for the Linux strongSwan project <http://www.strongswan.org/> by Andreas Steffen. Original program written by Henry Spencer.