Hi All,

Shorewall 4.4.20.1 filtering traffic on Linux kernel 2.6.16.60 with Openswan 2.4.4, all on the same machine with a 3-interface setup (LAN, Internet, Public).

How can I reject all IPSEC packets that come from the Internet before they reach pluto, except for a few IP addresses that I choose to allow? I had IPSEC tunnels established with some routers and they are killing all of my IPSEC tunnels. I need to filter which Internet routers can access the Openswan daemon.

Whatever I do, UDP packets reach pluto. I commented out everything in ipsec.conf, ipsec.secrets, shorewall tunnels, hosts, and even added a first rule that should block IPSEC, but pluto still gets packets from the Internet:

rules:
    IPsec/REJECT:info INT all

pluto:
    Dec 8 12:32:21 myhost pluto[5218]: packet from xxx.xxx.xxx.xxx:500: initial Main Mode message received on yyy.yyy.yyy.yyy:500 but no connection has been authorized

Thanks, regards
Ivica Glavocic
