[Openswan Users] Netfilter/conntrack
Jason Sigurdur
jason.sigurdur at ASPENVIEW.ORG
Thu Jan 20 16:05:51 CET 2005
Hi, I have just noticed that with using the following rules on my external interface the IPsec "ESP" packets go through the 'ESTABLISHED,RELATED' rule. If I comment out the lines with the -p 50 and -p 51 and restart ipsec it still uses the 'ESTABLISHED,RELATED' rule?
What is happening here?
Thx jason
iptables -A IN_ETHX -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A IN_ETHX ! -i eth0 -m state --state NEW -j ACCEPT
iptables -A IN_ETHX -p udp -i eth0 --dport 500 -j ACCEPT
iptables -A IN_ETHX -p 51 -i eth0 -j ACCEPT
iptables -A IN_ETHX -p 50 -i eth0 -j ACCEPT
iptables -A IN_ETHX -m limit --limit 1/s -j LOG \
--log-level info --log-prefix "DROPPED_IN_ETHX: "
iptables -A IN_ETHX -j DROP
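The behaviour in the post is what the Linux connection tracker does for protocols it has no dedicated tracker for: ESP (50) and AH (51) go through the generic L4 tracker, which keys its entries on source address, destination address and protocol number only. The first outbound ESP packet of a tunnel creates a conntrack entry (state NEW, usually accepted on the OUTPUT path), and the peer's returning ESP packet is then the reply direction of that entry, so it is ESTABLISHED before the chain ever reaches the -p 50 / -p 51 rules. The entry only expires after the generic idle timeout (net.netfilter.nf_conntrack_generic_timeout, 600 seconds by default). The toy model below is an added example written for this page, not code from the original post or from Openswan; it re-implements the NEW/ESTABLISHED decision of the generic tracker and walks the poster's IN_ETHX chain for two constructed ESP flows (the addresses are made up, and the RELATED state and the LOG rule are not modelled). It shows that the -p 50 / -p 51 rules only matter when the first ESP packet conntrack sees for a flow is the inbound one, e.g. when the remote side sends ESP before this host does.

```python
# Added example (not from the original post): toy model of the Linux conntrack
# generic L4 tracker and of the poster's IN_ETHX chain. Addresses are constructed.
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

ESP, AH, UDP = 50, 51, 17


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: int
    iface: str                   # interface the packet enters or leaves on
    dport: Optional[int] = None  # only meaningful for UDP here


@dataclass
class Conntrack:
    """Generic tracker: entries are keyed on (src, dst, proto) only, with no
    ports or SPIs. The value records whether a reply packet has been seen."""
    table: Dict[Tuple[str, str, int], bool] = field(default_factory=dict)

    def state(self, pkt: Packet) -> str:
        orig = (pkt.src, pkt.dst, pkt.proto)
        reply = (pkt.dst, pkt.src, pkt.proto)
        if orig in self.table:
            # Same direction as the first packet: ESTABLISHED only once
            # traffic has been seen both ways.
            return "ESTABLISHED" if self.table[orig] else "NEW"
        if reply in self.table:
            # Reply direction of a known flow: both directions now seen.
            self.table[reply] = True
            return "ESTABLISHED"
        # First packet of a flow creates the entry (assumed accepted on OUTPUT).
        self.table[orig] = False
        return "NEW"


def in_ethx(ct: Conntrack, pkt: Packet, with_esp_rules: bool = True) -> Tuple[str, str]:
    """Walk the poster's IN_ETHX chain in order; return (verdict, rule that matched)."""
    st = ct.state(pkt)
    if st == "ESTABLISHED":                                   # rule 1
        return "ACCEPT", "ESTABLISHED,RELATED"
    if pkt.iface != "eth0" and st == "NEW":                   # rule 2
        return "ACCEPT", "! -i eth0 NEW"
    if pkt.proto == UDP and pkt.iface == "eth0" and pkt.dport == 500:  # rule 3
        return "ACCEPT", "udp 500"
    if with_esp_rules and pkt.iface == "eth0" and pkt.proto in (AH, ESP):  # rules 4-5
        return "ACCEPT", f"-p {pkt.proto}"
    return "DROP", "DROP"                                     # rules 6-7 (LOG, DROP)


OUR_IP, PEER_IP = "203.0.113.10", "198.51.100.20"   # constructed addresses


def simulate(with_esp_rules: bool) -> Tuple[str, str]:
    """This host sends the first ESP packet; the peer's reply then arrives on eth0."""
    ct = Conntrack()
    ct.state(Packet(OUR_IP, PEER_IP, ESP, "eth0"))   # outbound ESP creates the entry
    reply = Packet(PEER_IP, OUR_IP, ESP, "eth0")
    return in_ethx(ct, reply, with_esp_rules)


def unsolicited(with_esp_rules: bool) -> Tuple[str, str]:
    """The peer's ESP packet arrives before this host has sent any ESP."""
    ct = Conntrack()
    first_in = Packet(PEER_IP, OUR_IP, ESP, "eth0")
    return in_ethx(ct, first_in, with_esp_rules)


if __name__ == "__main__":
    for rules in (True, False):
        print(f"-p 50/51 rules present={rules}: "
              f"reply ESP -> {simulate(rules)}, first-inbound ESP -> {unsolicited(rules)}")
```

Running it prints that the reply-direction ESP packet is accepted by the ESTABLISHED,RELATED rule whether or not the -p 50 / -p 51 rules exist, while an ESP packet that arrives with no prior outbound packet is accepted only when those rules are present and is dropped otherwise. On a real system `conntrack -L -p esp` (from the conntrack-tools package) lists the generic entries the kernel holds for ESP, which is the quickest way to confirm the state match that the post describes.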