Hello Noel,

yes, using iptables directly would be one way. Another would be to include it somehow in the ipsec configuration, to have all configuration issues at one point.

Bye, Peer

On 24.03.2014 17:40, Noel Kuntze wrote:
Hello Peer,

Of course you can do that. Iptables on Linux and pfsense on BSD offer enough functionality to do that. Look at the policy module for iptables. I don't know where to look for BSD, but it ought to have something similar.

Regards
Noel Kuntze

On 24.03.2014 16:04, Dr. Peer-Joachim Koch wrote:

Hi,

is it possible to set up a couple of firewall rules on the ipsec gw? We want to make sure that not everybody from the "outside" has access to everything on the "inside". So can it be limited to (example) port 25,80,143,443,587,993 from the outside to the inside and all open on the inside?

_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users
--
Kind regards
Peer-Joachim Koch
_________________________________________________________
Max-Planck-Institut fuer Biogeochemie
Dr. Peer-Joachim Koch
Hans-Knöll Str.10    Phone: ++49 3641 57-6705
D-07745 Jena         Fax:   ++49 3641 57-7705
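One way to express the restriction asked about in this thread with the iptables policy match that Noel points to, as an added example that is not part of the original messages. It assumes "outside" means traffic arriving through the IPsec tunnel, that the gateway forwards between the two sides, and uses a constructed inside subnet (`10.0.0.0/24`); the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. INSIDE_NET is a constructed sample
# subnet; "outside" is assumed to mean traffic arriving through the tunnel.
INSIDE_NET="${INSIDE_NET:-10.0.0.0/24}"

# valid_ports LIST: succeed only if LIST is 1 to 15 comma-separated ports
# in 1-65535 (15 is the most the multiport match takes in one rule).
valid_ports() {
    count=0
    old_ifs=$IFS
    IFS=,
    for p in $1; do
        IFS=$old_ifs
        case "$p" in '' | *[!0-9]*) return 1 ;; esac
        [ "$p" -ge 1 ] 2>/dev/null && [ "$p" -le 65535 ] || return 1
        count=$((count + 1))
    done
    IFS=$old_ifs
    [ "$count" -ge 1 ] && [ "$count" -le 15 ]
}

# emit_rules LIST: print a FORWARD ruleset in iptables-restore format.
emit_rules() {
    ports=$1
    valid_ports "$ports" || { echo "invalid port list: $ports" >&2; return 1; }
    cat <<EOF
*filter
:FORWARD DROP [0:0]
# replies to connections that were already allowed
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# inside -> outside: anything that will leave through an IPsec policy
-A FORWARD -s $INSIDE_NET -m policy --dir out --pol ipsec -j ACCEPT
# outside -> inside: only decrypted tunnel traffic to the listed TCP ports
-A FORWARD -d $INSIDE_NET -p tcp -m policy --dir in --pol ipsec -m multiport --dports $ports -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Ports from the question in the thread; pass another list as $1 to override.
emit_rules "${1:-25,80,143,443,587,993}"
```

Pipe the output to `iptables-restore --test` to check that it parses before loading it. Loading it without `--noflush` replaces the existing filter table, and the DROP policy also stops forwarded traffic that does not use the tunnel.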
