Man page or keyword search:   man All Sections 1 - General Commands 2 - System Calls 3 - Subroutines, Functions 4 - Special Files 5 - File Formats 6 - Games and Screensavers 7 - Macros and Conventions 8 - Maintenence Commands 9 - Kernel Interface New Commands Server 4.4BSD AIX Alpinelinux Archlinux Aros BSDOS BSDi Bifrost CentOS Cygwin Darwin Debian DigitalUNIX DragonFly ElementaryOS Fedora FreeBSD Gentoo GhostBSD HP-UX Haiku Hurd IRIX Inferno JazzOS Kali Knoppix LinuxMint MacOSX Mageia Mandriva Manjaro Minix MirBSD NeXTSTEP NetBSD OPENSTEP OSF1 OpenBSD OpenDarwin OpenIndiana OpenMandriva OpenServer OpenSuSE OpenVMS Oracle PC-BSD Peanut Pidora Plan9 QNX Raspbian RedHat Scientific Slackware SmartOS Solaris SuSE SunOS Syllable Tru64 UNIXv7 Ubuntu Ultrix UnixWare Xenix YellowDog aLinux   31170 pages apropos Keyword Search (all sections) Output format html ascii pdf view pdf save postscript

ipsec_policy(8)			Openswan IPSec		       ipsec_policy(8)

NAME
       ipsec_policy - show ipsec policy information

SYNOPSIS
	   # detect what stack is used
	   ipsec policy --detect-stack

	   # display policy information
	   ipsec policy [ --all | [ --inbound | --outbound | --forward ] ] \
			[ --stack=name ] [ --read=file ] [ --debug ]

	   # provide usage information
	   ipsec policy --usage
	   ipsec policy --help

DESCRIPTION
       policy displays the incoming, outgoing, and forwarding packet policies
       of the system.  It is a wrapper around eixsting klips and netkey data,
       but presented in a less terse form.

OPTIONS
       --detect-stack
	   Only display the stack that Openswan is using.  Possible results
	   are.

	   klips
	       KLIPS is the Openswan ipsec kernel module.  This stack type
	       indicates that KLIPS is not running in mast mode (see next
	       option), but rather in the default mode.	 In this mode, KLIPS
	       outgoing packet policy is dicated by eroutes.  See the
	       ipsec_eroute man page for further details.

	   mast
	       This is a mode of the Openswan ipsec kernel module, KLIPS.  In
	       this mode outgoing packet routing policies are dictated by
	       iptalbles, and Linux kernel policy routing.  This mode is
	       selected by using "protostack=mast" setting in ipsec.conf.

	   netkey
	       This stack indicates that Openswan is controlling the Linux
	       kernel built-in ipsec functionally.

       --all
	   Show inbound, outbound, and forward policites.  This is the
	   default.

       --inbound --in
	   Show only inbound policy.

       --outbound --out
	   Show only outbound policy.

       --forward --fwd
	   Show only forward policy.

       --stack=<name>
	   Skip autodetection and force read policy from this stack.  See help
	   on --detect-stack (above) for valid options and their descriptions.

       --read=<file>
	   This option overrides what file would be read to gather the policy
	   information.	 It could be used to read policy information from a
	   snapshot obtained from a running system.

	   In the case of the klips or mast stack, this file is the output of
	   the /proc/net/ipsec/spi/all file.

       --help
	   Output help.

       --debug
	   Output debug info.

FILES
	  /proc/net/ipsec/spi/all

SEE ALSO
       ipsec(8), ipsec_eroute(8), ipsec_manual(8)

HISTORY
       Designed for the Openswan project <http://www.openswan.org> by Bart
       Trojanowski.

BUGS
       Does not support netkey yet.

2.6.37				  2011-10-28		       ipsec_policy(8)

Vote for polarhome