
(usagi-users 02517) Firewall as with ipsec0 interface



Hi all,
AFAIK the implementation of the IPsec stack in the recent linux-2.6.0-test comes from your effort, so I'm sending my question here...


With kernel 2.4.x and FreeS/WAN I used to have firewall rules like

# Allow IPsec and IKE
iptables -I INPUT -i eth0 -p esp -j ACCEPT
iptables -I INPUT -i eth0 -p ah -j ACCEPT
iptables -I INPUT -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT

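# Allow only SSH from IPsec client 192.168.1.1
# (explicit rule numbers: a bare -I inserts at the head of the chain,
#  which would place the REJECT above the ACCEPT)
iptables -I INPUT 1 -i ipsec0 -p tcp -s 192.168.1.1 --dport 22 -j ACCEPT
iptables -I INPUT 2 -i ipsec0 -s 192.168.1.1 -j REJECT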

Now that the ipsec0 interface is history ... how do I set up a similar firewall rule?

Thanks in advance!

Michal Ludvig