[strongSwan] firewall configuration on Linux for IKE and dpd?

Noel Kuntze noel.kuntze+strongswan-users-ml at thermi.consulting
Thu May 27 17:09:19 CEST 2021


Hello Harald,

You can obviously do it, but don't need it, unless you use stateful firewall rules or accounting using conntrack.

Kind regards
Noel

Am 27.05.21 um 14:49 schrieb Harald Dunkel:
> Hi folks,
> 
> I wonder if it is reasonable to use connection tracking for
> 500/udp and 4500/udp in the iptables configuration, esp.
> wrt dead peer detection?
> 
> 
> Your thoughts on this?
> 
> Regards
> Harri

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20210527/b9e9b5ea/attachment.sig>


More information about the Users mailing list