[Openswan Users] anything wrong with these iptables?
Paul Wouters
paul at xelerance.com
Thu Jul 15 13:16:52 EDT 2010
On Thu, 15 Jul 2010, Ryan McLeod wrote:
> I'm having some minor problems when a VPN re-establishes after one of the VPN devices is rebooted. It's an ASA to openswan setup. I just
> want to know if these iptables settings are proper.
>
> $IPTABLES -A INPUT -p udp --dport 500 -j ACCEPT
>
> $IPTABLES -A OUTPUT -p udp --dport 500 -j ACCEPT
> $IPTABLES -A INPUT -p udp --dport 4500 -j ACCEPT
> $IPTABLES -A OUTPUT -p udp --dport 4500 -j ACCEPT
This is not complete. The 4500 connection usually comes in from a random high port:
$IPTABLES -A OUTPUT -p udp --sport 4500 -j ACCEPT
Paul
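
Added example, not part of the original message: a small Python model of the UDP port rules in this thread, run over a constructed flow where the peer's source port is a high port, showing which direction falls through. It assumes a DROP chain policy and no connection-tracking rule, neither of which is shown in the thread; the Rule, Packet and verdict names and the port 31842 are made up for illustration.

```python
# Added example: models only the -p udp --sport/--dport matches quoted above.
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    chain: str                    # "INPUT" or "OUTPUT"
    sport: Optional[int] = None   # --sport, None means any
    dport: Optional[int] = None   # --dport, None means any

@dataclass(frozen=True)
class Packet:
    chain: str
    sport: int
    dport: int

def verdict(rules, pkt, policy="DROP"):
    """First matching rule ACCEPTs; otherwise the assumed chain policy applies."""
    for r in rules:
        if (r.chain == pkt.chain
                and r.sport in (None, pkt.sport)
                and r.dport in (None, pkt.dport)):
            return "ACCEPT"
    return policy

# The four rules from the original question.
ORIGINAL = [
    Rule("INPUT", dport=500), Rule("OUTPUT", dport=500),
    Rule("INPUT", dport=4500), Rule("OUTPUT", dport=4500),
]
# The same set plus the --sport 4500 OUTPUT rule from the reply.
WITH_REPLY_RULE = ORIGINAL + [Rule("OUTPUT", sport=4500)]

# Constructed sample flow: the peer's packets arrive from a high source port.
HIGH_PORT = 31842
FLOW = {
    "peer -> us": Packet("INPUT", HIGH_PORT, 4500),
    "us -> peer": Packet("OUTPUT", 4500, HIGH_PORT),
}

def evaluate(rules):
    """Return the verdict for each direction of the sample flow."""
    return {name: verdict(rules, p) for name, p in FLOW.items()}

if __name__ == "__main__":
    for label, rules in (("original", ORIGINAL), ("with --sport 4500", WITH_REPLY_RULE)):
        for name, v in evaluate(rules).items():
            print(f"{label:18} {name:12} {v}")
```

With the original four rules the inbound packet is accepted but the reply, which leaves with source port 4500 and the peer's high port as destination, matches nothing in OUTPUT.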