#!/bin/sh
kroot@swantest:/home/build/libreswan/testing/pluto/netkey-vti-07\[root@nic netkey-vti-07]# iptables -t nat -F
kroot@swantest:/home/build/libreswan/testing/pluto/netkey-vti-07\[root@nic netkey-vti-07]# iptables -F
kroot@swantest:/home/build/libreswan/testing/pluto/netkey-vti-07\[root@nic netkey-vti-07]# # NAT
kroot@swantest:/home/build/libreswan/testing/pluto/netkey-vti-07\[root@nic netkey-vti-07]# #iptables -t nat -A POSTROUTING --source 192.1.3.0/24 --destination 0.0.0.0/0 -j SNAT --to-source 192.1.2.254
kroot@swantest:/home/build/libreswan/testing/pluto/netkey-vti-07\[root@nic netkey-vti-07]# # make sure that we never acidentially let ESP through.
kroot@swantest:/home/build/libreswan/testing/pluto/netkey-vti-07\[root@nic netkey-vti-07]# #ptables -N LOGDROP
kroot@swantest:/home/build/libreswan/testing/pluto/netkey-vti-07\[root@nic netkey-vti-07]# #ptables -A LOGDROP -j LOG
kroot@swantest:/home/build/libreswan/testing/pluto/netkey-vti-07\[root@nic netkey-vti-07]# #ptables -A LOGDROP -j DROP
kroot@swantest:/home/build/libreswan/testing/pluto/netkey-vti-07\[root@nic netkey-vti-07]# #ptables -I FORWARD 1 --proto 50 -j LOGDROP
kroot@swantest:/home/build/libreswan/testing/pluto/netkey-vti-07\[root@nic netkey-vti-07]# #ptables -I FORWARD 2 --destination 192.0.2.0/24 -j LOGDROP
kroot@swantest:/home/build/libreswan/testing/pluto/netkey-vti-07\[root@nic netkey-vti-07]# #ptables -I FORWARD 3 --source 192.0.2.0/24 -j LOGDROP
kroot@swantest:/home/build/libreswan/testing/pluto/netkey-vti-07\[root@nic netkey-vti-07]# # route
kroot@swantest:/home/build/libreswan/testing/pluto/netkey-vti-07\[root@nic netkey-vti-07]# #ptables -I INPUT 1 --destination 192.0.2.0/24 -j LOGDROP
kroot@swantest:/home/build/libreswan/testing/pluto/netkey-vti-07\[root@nic netkey-vti-07]# # Display the table, so we know it is correct.
kroot@swantest:/home/build/libreswan/testing/pluto/netkey-vti-07\[root@nic netkey-vti-07]# #ptables -t nat -L -n
kroot@swantest:/home/build/libreswan/testing/pluto/netkey-vti-07\[root@nic netkey-vti-07]# #ptables -L -n
kroot@swantest:/home/build/libreswan/testing/pluto/netkey-vti-07\[root@nic netkey-vti-07]# echo done.
done.
kroot@swantest:/home/build/libreswan/testing/pluto/netkey-vti-07\[root@nic netkey-vti-07]# : ==== end ====
kroot@swantest:/home/build/libreswan/testing/pluto/netkey-vti-07\[root@nic netkey-vti-07]# ipsec whack --trafficstatus
whack: Pluto is not running (no "/run/pluto/pluto.ctl")
kroot@swantest:/home/build/libreswan/testing/pluto/netkey-vti-07\[root@nic netkey-vti-07 33]# >>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 33 final.sh 'ipsec whack --trafficstatus' <<<<<<<<<<tuc<<<<<<<<<<grep -v -P "\t0$" /proc/net/xfrm_stat
kroot@swantest:/home/build/libreswan/testing/pluto/netkey-vti-07\[root@nic netkey-vti-07 1]# >>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 1 final.sh 'grep -v -P "\t0$" /proc/net/xfrm_stat' <<<<<<<<<<tuc<<<<<<<<<<: ==== cut ====
kroot@swantest:/home/build/libreswan/testing/pluto/netkey-vti-07\[root@nic netkey-vti-07]# ipsec auto --status
whack: Pluto is not running (no "/run/pluto/pluto.ctl")
kroot@swantest:/home/build/libreswan/testing/pluto/netkey-vti-07\[root@nic netkey-vti-07 33]# >>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 33 final.sh 'ipsec auto --status' <<<<<<<<<<tuc<<<<<<<<<<: ==== tuc ====
kroot@swantest:/home/build/libreswan/testing/pluto/netkey-vti-07\[root@nic netkey-vti-07]# ../bin/check-for-core.sh
kroot@swantest:/home/build/libreswan/testing/pluto/netkey-vti-07\[root@nic netkey-vti-07]# if [ -f /sbin/ausearch ]; then ausearch -r -m avc -ts recent ; fi
type=AVC msg=audit(1566824781.750:169760): avc:  denied  { write } for  pid=5361 comm="ip" path="/tmp/pluto.log" dev="dm-0" ino=942309374 scontext=unconfined_u:system_r:ifconfig_t:s0 tcontext=unconfined_u:object_r:container_file_t:s0:c718,c778 tclass=file permissive=1
kroot@swantest:/home/build/libreswan/testing/pluto/netkey-vti-07\[root@nic netkey-vti-07]# : ==== end ====
kroot@swantest:/home/build/libreswan/testing/pluto/netkey-vti-07\[root@nic netkey-vti-07]#