Pieterjan Heyse wrote:
> Hello m0n0wall peeps,
> can someone tell me what rules are necessary to _only_ allow IPSEC
Technically, you only need IP protocol 50 (ESP) and UDP port 500, so two
ALLOW rules and then a DROP ALL at the end should do it. Note that it
has been a while since I played with IPSEC, mainly FreeS/WAN, but that is
what IPSEC needs according to the specs.
> I have some wireless bridges with a m0n0wall on each side, and
> tunneling everything over ipsec. I would like to drop all the other
> traffic, only allowing the encrypted, secure traffic.
I have something similar, my OPT1 interface has a wireless access point,
and all I allow in is UDP port 1194, so I don't need WEP or any other
kind of pseudo-security - I just like OpenVPN's simplicity, and I use
the same setup to get into my LAN from anywhere in the world (office,
client sites), so IPSEC was not an option, since ESP is often blocked
outbound on corporate networks.
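As an added illustration (not part of the mailing-list thread, and not m0n0wall's own rule syntax), the following Python models the three-rule policy the reply describes: allow IP protocol 50 (ESP), allow UDP port 500, then drop everything else, with first match winning. The packet and rule types, the `audit_policy` check, and the sample packets are all constructed for this example. Evaluating a few packets shows what such a policy lets through and what it silently blocks; note that UDP 4500 (NAT-Traversal) falls into the drop rule, which matters if either m0n0wall sits behind NAT.

```python
"""Simulate an 'IPsec only' firewall policy: allow ESP, allow UDP/500, drop all.

Constructed example; the rule model is a simplification (no addresses, no
direction, no state) meant to show first-match evaluation and the effect of
the trailing catch-all drop.
"""
from dataclasses import dataclass
from typing import List, Optional

# IP protocol numbers (IANA)
ESP = 50
UDP = 17
TCP = 6


@dataclass(frozen=True)
class Packet:
    proto: int
    dst_port: Optional[int] = None  # None for protocols without ports (e.g. ESP)


@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "drop"
    proto: Optional[int] = None      # None matches any IP protocol
    dst_port: Optional[int] = None   # None matches any destination port

    def matches(self, pkt: Packet) -> bool:
        if self.proto is not None and pkt.proto != self.proto:
            return False
        if self.dst_port is not None and pkt.dst_port != self.dst_port:
            return False
        return True


# The policy from the reply: two ALLOW rules, then DROP ALL.
IPSEC_ONLY: List[Rule] = [
    Rule("allow", proto=ESP),            # IP protocol 50, the encrypted payload
    Rule("allow", proto=UDP, dst_port=500),  # IKE key exchange
    Rule("drop"),                        # everything else
]


def evaluate(rules: List[Rule], pkt: Packet) -> str:
    """Return the action of the first rule that matches; default-drop otherwise."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "drop"  # implicit default if no catch-all rule is present


def audit_policy(rules: List[Rule]) -> List[str]:
    """Defender-side sanity check: flag common mistakes in an allow-list policy."""
    problems = []
    if not rules or rules[-1] != Rule("drop"):
        problems.append("policy does not end with an explicit DROP ALL")
    for i, rule in enumerate(rules[:-1]):
        if rule.action == "allow" and rule.proto is None:
            problems.append(f"rule {i} allows every protocol")
    return problems


if __name__ == "__main__":
    samples = [
        ("ESP", Packet(ESP)),
        ("IKE UDP/500", Packet(UDP, 500)),
        ("NAT-T UDP/4500", Packet(UDP, 4500)),
        ("OpenVPN UDP/1194", Packet(UDP, 1194)),
        ("HTTP TCP/80", Packet(TCP, 80)),
    ]
    for name, pkt in samples:
        print(f"{name:18} -> {evaluate(IPSEC_ONLY, pkt)}")
    print("audit:", audit_policy(IPSEC_ONLY) or "ok")
```

Running the script prints an allow for ESP and UDP/500 and a drop for everything else; `audit_policy` returns an empty list for the policy above and reports a missing catch-all if the last rule is removed.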