Hello Noel,
Use stateful firewalling. See [1] for a good template to start out
with.
Forwarded traffic passes through the filter table in the FORWARD chain.
Only traffic destined for the host itself goes through the filter table
in the INPUT chain.
See this[2] diagram for details.
Some more information about firewalling on Linux can be found
via the other links[3][4][5][6].
Sorry! I should have been more clear. It's a little bit late :(
To my understanding, I am already using stateful firewalling.
This is my iptables script on the Linux router:
-> http://pastebin.com/7068V5y8
$IPTABLES --append INPUT --in-interface $PPP_IF --match conntrack \
    --ctstate ESTABLISHED,RELATED --jump ACCEPT
$IPTABLES --append FORWARD --in-interface $PPP_IF --match conntrack \
    --ctstate ESTABLISHED,RELATED --jump ACCEPT
So shouldn't the IPsec traffic pass?
P.S.: Windows currently does not have any firewall enabled.
Conrad
_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users
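
Added example, not part of the original message or of the poster's script: a small Python model of the filter-table decision described in the thread (INPUT for traffic addressed to the router itself, FORWARD for routed traffic), applied to the two quoted conntrack rules. The interface name ppp0 and the DROP chain policies are assumptions, and the sample packets are constructed.

```python
# Added illustration: a minimal model of the filter-table decision for one packet.
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    in_if: str        # interface the packet arrived on
    to_local: bool    # True if addressed to the router itself
    ctstate: str      # conntrack state: NEW, ESTABLISHED, RELATED, INVALID

@dataclass(frozen=True)
class Rule:
    chain: str
    in_if: str
    ctstates: frozenset
    target: str

    def matches(self, chain, pkt):
        return (chain == self.chain and pkt.in_if == self.in_if
                and pkt.ctstate in self.ctstates)

PPP_IF = "ppp0"  # assumed value of $PPP_IF
STATEFUL = frozenset({"ESTABLISHED", "RELATED"})

# The two rules quoted in the message.
RULES = [
    Rule("INPUT", PPP_IF, STATEFUL, "ACCEPT"),
    Rule("FORWARD", PPP_IF, STATEFUL, "ACCEPT"),
]
# Assumed chain policies; the message does not show them.
POLICY = {"INPUT": "DROP", "FORWARD": "DROP"}

def chain_for(pkt):
    """Routing decision: local delivery uses INPUT, everything else FORWARD."""
    return "INPUT" if pkt.to_local else "FORWARD"

def verdict(pkt, rules=RULES, policy=POLICY):
    """Return (chain, target, matched_by_rule) for a packet; first match wins."""
    chain = chain_for(pkt)
    for rule in rules:
        if rule.matches(chain, pkt):
            return chain, rule.target, True
    return chain, policy[chain], False

if __name__ == "__main__":
    samples = {  # constructed packets
        "reply to LAN host": Packet(PPP_IF, False, "ESTABLISHED"),
        "new connection to router": Packet(PPP_IF, True, "NEW"),
        "new connection to LAN host": Packet(PPP_IF, False, "NEW"),
    }
    for name, pkt in samples.items():
        print(f"{name:28} -> {verdict(pkt)}")
```

In this model, a packet in state NEW arriving on the PPP interface matches neither quoted rule, so the chain policy or a later rule decides its fate.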