-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello Peer,
Feel free to look at leftprotoport and rightprotoport, as well as distinct configurations for clients, that connect from the LAN vs from the WAN. Also, look at the "left" and "right" options. StrongSwan > 5.1.1 supports restricting connections to a specific subnet with those parameters. Regards Noel Kuntze Am 25.03.2014 09:11, schrieb Dr.Peer-Joachim Koch: > Hello Noel, > > yes, using iptables directly would be one way. Another would be > to include somehow into the ipsec configuration. To have all configuration > issues at one point. > > Bye, Peer > > On 24.03.2014 17:40, Noel Kuntze wrote: > Hello Peer, > > If course you can do that. Iptables on Linux and pfsense on BSD offer enough > functionality to do that. > Look at the policy module for iptables. > I don't know where to look for BSD, but it ought to have something similiar. > > Regards > Noel Kuntze > > Am 24.03.2014 16:04, schrieb Dr.Peer-Joachim Koch: >>>> Hi, >>>> >>>> is it possible to setup a couple of firewall rules on the >>>> ipsec gw ? >>>> We want to make sure that not everybody from the "outside" has access >>>> to everything on the "inside". >>>> So can it be limit to (example) port 25,80,143,443,587,993 from the outside >>>> to the inside and all open on the inside ? >>>> >>>> >>>> >>>> _______________________________________________ >>>> Users mailing list >>>> [email protected] >>>> https://lists.strongswan.org/mailman/listinfo/users >> >> _______________________________________________ >> Users mailing list >> [email protected] >> https://lists.strongswan.org/mailman/listinfo/users > > > > > _______________________________________________ > Users mailing list > [email protected] > https://lists.strongswan.org/mailman/listinfo/users > -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJTMV2GAAoJEDg5KY9j7GZYBu8P/00PLLNwty1mBWsKVrss3eND NH0uja2Xbd1IEHbleWPwzO/tzEHAaNT7KjsxSbUL368buW0QdKvDxcPGO4QR7z56 DK482/jtPIqq6lFwAXCrJFoOLLIsDNmsG+uFexpfURr96hEWU0Y4i5/hvOhauN3u 8fjtQuSH20AQkelGvJq+WNv1s2HShoxlAdvq9QF8VJ5J9avVb/ACxfasn7gctNGy KkfFNuwG6G8wHYqDaQBmECDl3F2Cx7Uhab4Sbf+55OJ8LvrXWkI06+AeykefGaxR CSpSOWl3JG+mkhvcyliuI8cf9CncL2L0YAUTPU/5NsRuBivLDqgrM+ymMpaBfR9y 9V9aGS9foDlmnFShJH1qI2Y060TPK23L41kYADBt/MuztWnSoL8bmKrOAn2nsc4D dF2I98yG7TknfKwXnir+St/WBJ64GsLd3mBgH/908Rj6Vm/MQy3L9PZ2vp5gNmdO aMlz3YB74Qsd+koWrQgA16A5VqmO4/a2fFSVsd+wCjBbmAUI35WPz99N0QWF9Y6X fXMEWMP8KsWf0dfMUFZh66DXR8hqzm7L15t0QiLuDvbaVitUd2x37xbeBo1I80SU Hw+HJ+DXRykQihL8PB45q83fogrfR17aPvxEnh+lj48vR32S+U7RWcKeM/Q+7mvx mJxAOEUSv2hEZskVuJal =prNL -----END PGP SIGNATURE----- _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
