[strongSwan] IPsec drop policies 2
Noel Kuntze
noel.kuntze+strongswan-users-ml at thermi.consulting
Fri Jan 10 20:29:44 CET 2020
Set the priorities manually. Make sure the permitting policies have a higher one than the restricting ones.
On 09.01.20 at 03:26, reterverv ercertecrterc wrote:
> Thanks for the answer.
>
> I tried, like with passthrough policies.
>
> First I tried to block and then allow IPsec traffic with:
>
> swanctl.conf:
> -----------------------------
> connections {
>     dropall {
>         children {
>             dropall {
>                 local_ts = 0.0.0.0/0[%any/%any]
>                 remote_ts = 0.0.0.0/0[%any/%any]
>                 mode = drop
>                 start_action = trap
>             }
>         }
>     }
> }
>
> connections {
>     lan-passthrough {
>         children {
>             lan-passthrough {
>                 local_ts = 192.168.1.0/24[udp/50/51/53/500/4500]
>                 remote_ts = 192.168.1.0/24[udp/50/51/53/500/4500]
>                 mode = pass
>                 start_action = trap
>             }
>         }
>     }
> }
> ----------------------------------
>
> It's not working. That's why I need help.
>
> Best regards
>
> Bernd
>
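
The advice at the top of this message, as an added example that is not part of the original thread: a Python check over a constructed swanctl.conf in which both children carry an explicit `priority`. It assumes Linux XFRM semantics, where the numerically lower value takes precedence, and that 0 leaves the priority to strongSwan's automatic calculation; the values 1000 and 2000 and the selectors without port lists are assumptions.

```python
# Constructed sample: the two children from the thread with explicit priorities
# added; the values and the selectors without port lists are assumptions.
SAMPLE = """
connections {
    dropall {
        children {
            dropall {
                local_ts = 0.0.0.0/0
                remote_ts = 0.0.0.0/0
                mode = drop
                start_action = trap
                priority = 2000
            }
        }
    }
    lan-passthrough {
        children {
            lan-passthrough {
                local_ts = 192.168.1.0/24
                remote_ts = 192.168.1.0/24
                mode = pass
                start_action = trap
                priority = 1000
            }
        }
    }
}
"""

def child_policies(text):
    """Return {section_name: (mode, priority)} for every section that sets 'mode'."""
    stack, found = [], {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if line.endswith("{"):                        # section opens
            stack.append((line[:-1].strip(), {}))
        elif line == "}" and stack:                   # section closes
            name, opts = stack.pop()
            if "mode" in opts:
                found[name] = (opts["mode"], int(opts.get("priority", 0)))
        elif "=" in line and stack:                   # key = value
            key, value = (part.strip() for part in line.split("=", 1))
            stack[-1][1][key] = value
    return found

def misordered(policies):
    """Pass children that do not beat every drop child (lower number wins, 0 = automatic)."""
    drops = [p for mode, p in policies.values() if mode == "drop"]
    return sorted(n for n, (mode, p) in policies.items()
                  if mode == "pass" and any(p == 0 or d == 0 or p >= d for d in drops))
```

`misordered(child_policies(text))` returns an empty list when every pass child has a fixed priority that wins over every drop child.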