On 8/13/05, Chris Bagnall <m0n0wall at minotaur dot cc> wrote:
>
> However, if we're going to try IPSec to a provider's network for SIP
> traffic, we don't want to expose the whole local network to the provider -
> merely the asterisk box traffic is coming from (and even then, only limited
> ports). Does m0n0 support filtering rules on IPSec tunnels?

not on inbound IPsec traffic. Outbound, yes. Inbound would require the use of gif tunnels, and in and out filtering on them. pfsense has recently introduced gif support, but not at the point that it can be used for this yet.

> are there any alternatives worth trying?
>

no open source options (at least pre-packaged like m0n0wall) that I know of that support this. You could modify m0n0wall to either use gif tunnels with inbound/outbound filtering or allow outbound filtering rules on the LAN NIC. Or build your own solution of some sort.

-Chris