services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.mark_out
Netfilter mark and mask for output traffic. On Linux, Netfilter may
require marks on each packet to match a policy/SA having that option
set. This allows installing duplicate policies and enables Netfilter
rules to select specific policies/SAs for outgoing traffic. The special
value %unique sets a unique mark on each CHILD_SA
instance, beyond that the value %unique-dir assigns a
different unique mark for each CHILD_SA direction (in/out).
An additional mask may be appended to the mark, separated by
/. The default mask if omitted is
0xffffffff.
StrongSwan default: "0/0x00000000"
- Type
null or string- Default
null- Declared
- <nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>