Thank you for your answers! Unfortunately, I cannot use iptables. The request to the server can come both from the IPSec channel and from an end-user UI via another port (443). The question is whether I can somehow recognize on the server that the request comes from the IPSec channel (that is, it passes IPsec encryption).

> From: [email protected]
> Date: Sun, 29 May 2016 14:32:04 -0400
> To: [email protected]
> CC: [email protected]; [email protected]
> Subject: Re: [Swan] How to recognize an HTTP request that passes through the IPSec channel?
>
> On Sun, May 29, 2016 at 02:13:19PM -0400, Paul Wouters wrote:
> > You can limit the tunnel to only allow port 80 traffic using
> > leftprotoport=tcp/80 and rightprotoport=tcp/0
> >
> > But then you still need to be sure unencrypted traffic is blocked if that's
> > what you want to happen.
>
> And of course HTTP traffic on a different port won't work. That would
> require a much more advanced way to recognize the protocol, and in fact
> iptables may in fact be the right tool for that.
>
> --
> Len Sorensen

_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
