[strongSwan] side2side and firewall

Dr.Peer-Joachim Koch pkoch at bgc-jena.mpg.de
Tue Mar 25 09:11:47 CET 2014


Hello Noel,

yes, using iptables directly would be one way. Another would be
to include it somehow in the ipsec configuration, to have all configuration
issues at one point.

Bye, Peer

On 24.03.2014 17:40, Noel Kuntze wrote:
> Hello Peer,
>
> Of course you can do that. Iptables on Linux and pfsense on BSD offer enough functionality to do that.
> Look at the policy module for iptables.
> I don't know where to look for BSD, but it ought to have something similar.
>
> Regards
> Noel Kuntze
>
> On 24.03.2014 16:04, Dr.Peer-Joachim Koch wrote:
>> Hi,
>>
>> is it possible to set up a couple of firewall rules on the
>> ipsec gw?
>> We want to make sure that not everybody from the "outside" has access
>> to everything on the "inside".
>> So can it be limited to (example) port 25,80,143,443,587,993 from the outside
>> to the inside and all open on the inside?
>>
>>
>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.strongswan.org
>> https://lists.strongswan.org/mailman/listinfo/users


-- 
With kind regards
     Peer-Joachim Koch
_________________________________________________________
Max-Planck-Institut fuer Biogeochemie
Dr. Peer-Joachim Koch
Hans-Knöll Str.10            Telefon: ++49 3641 57-6705
D-07745 Jena                 Telefax: ++49 3641 57-7705
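
The iptables policy match mentioned in the quoted reply, applied to the ports from the original question, as an added example that is not part of the thread. The subnets, the variable names and the dry-run `IPT` wrapper are assumptions; the script only prints the commands unless `IPT=iptables` is set.

```shell
#!/bin/sh
# Added example: restrict what arrives through an IPsec tunnel on the gateway.
# The subnets are constructed sample values, not taken from the thread.
INSIDE_NET="${INSIDE_NET:-10.1.0.0/16}"   # assumption: local "inside" subnet
REMOTE_NET="${REMOTE_NET:-10.2.0.0/16}"   # assumption: remote side of the tunnel
ALLOWED_TCP="${ALLOWED_TCP:-25,80,143,443,587,993}"  # ports named in the question
IPT="${IPT:-echo iptables}"               # dry run by default; IPT=iptables applies

# Accept only a comma-separated list of 1..15 TCP port numbers
# (the multiport match takes at most 15 ports per rule).
valid_ports() {
    case "$1" in ''|*[!0-9,]*|,*|*,|*,,*) return 1 ;; esac
    count=0
    old_ifs=$IFS; IFS=,
    for p in $1; do
        count=$((count + 1))
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || { IFS=$old_ifs; return 1; }
    done
    IFS=$old_ifs
    [ "$count" -le 15 ]
}

tunnel_rules() {
    valid_ports "$ALLOWED_TCP" || { echo "bad port list: $ALLOWED_TCP" >&2; return 1; }
    # Replies to connections that were already accepted.
    $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # New connections decrypted from the tunnel: listed ports only.
    $IPT -A FORWARD -s "$REMOTE_NET" -d "$INSIDE_NET" -p tcp \
        -m policy --dir in --pol ipsec \
        -m multiport --dports "$ALLOWED_TCP" \
        -m conntrack --ctstate NEW -j ACCEPT
    # Inside to remote through the tunnel: everything is open.
    $IPT -A FORWARD -s "$INSIDE_NET" -d "$REMOTE_NET" \
        -m policy --dir out --pol ipsec -j ACCEPT
    # Anything else that came out of the tunnel is dropped.
    $IPT -A FORWARD -m policy --dir in --pol ipsec -j DROP
}

tunnel_rules
```

The final DROP rule only matches packets that were decapsulated from IPsec, so other forwarding on the gateway is left to its existing rules.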
