Comment 4 for bug 1773956

Since the define in the code is without PID
  #define CLUSTERIP_DIR "/proc/net/ipt_CLUSTERIP"

Due to that shouldn't the rule be more like:
@{PROC}/net/ipt_CLUSTERIP/ r,
@{PROC}/net/ipt_CLUSTERIP/* rw,

To be added to the file debian/usr.sbin.charon-systemd