Pieterjan Heyse wrote:
> Hello m0n0wall peeps,
>
> Can someone tell me what rules are necessary to _only_ allow IPSEC
> traffic?
>

Technically, you only need IP protocol 50 (ESP) and UDP port 500, so two ALLOW rules and then a DROP ALL at the end should do it. Note that it has been a while since I played with IPSEC, mainly FreeS/WAN, but that is what IPSEC needs according to the specs.

> I have some wireless bridges with a m0n0wall on each side, and
> tunneling everything over ipsec. I would like to drop all the other
> traffic, only allowing the encrypted, secure traffic.
>

I have something similar: my OPT1 interface has a wireless access point, and all I allow in is UDP port 1194, so I don't need WEP or any other kind of pseudo-security - I just like OpenVPN's simplicity, and I use the same setup to get into my LAN from anywhere in the world (office, client sites), so IPSEC was not an option, since ESP is often blocked outbound on corporate networks.

Sven
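The two rule sets discussed in this thread (ESP + UDP/500 then drop all, and Sven's OPT1 variant that only admits UDP/1194), as an added first-match evaluator run over constructed sample packets; this is illustrative code, not anything from the thread or from m0n0wall, and the `Packet`/`Rule` types and sample packets are assumptions made up for it.

```python
# Added example: first-match firewall rule evaluation for the "IPsec only"
# and "OpenVPN only" rule sets from the thread. Protocol numbers and ports
# are the IANA-assigned values; packets are constructed for the demo.
from dataclasses import dataclass
from typing import List, Optional

PROTO_TCP = 6
PROTO_UDP = 17
PROTO_ESP = 50   # IP protocol 50: Encapsulating Security Payload (no ports)
PORT_IKE = 500   # UDP/500: IKE key exchange

@dataclass(frozen=True)
class Packet:
    proto: int
    dport: Optional[int] = None  # only meaningful for TCP/UDP

@dataclass(frozen=True)
class Rule:
    action: str                  # "pass" or "block"
    proto: Optional[int] = None  # None matches any protocol
    dport: Optional[int] = None  # None matches any port (needed for ESP)

    def matches(self, pkt: Packet) -> bool:
        if self.proto is not None and pkt.proto != self.proto:
            return False
        if self.dport is not None and pkt.dport != self.dport:
            return False
        return True

# Two ALLOW rules, then DROP ALL, as the reply describes.
IPSEC_ONLY: List[Rule] = [
    Rule("pass", proto=PROTO_ESP),
    Rule("pass", proto=PROTO_UDP, dport=PORT_IKE),
    Rule("block"),
]

# Sven's OPT1 variant: only OpenVPN on UDP/1194 gets in.
OPENVPN_ONLY: List[Rule] = [
    Rule("pass", proto=PROTO_UDP, dport=1194),
    Rule("block"),
]

def decide(rules: List[Rule], pkt: Packet, default: str = "block") -> str:
    """First matching rule wins; an empty or non-matching set falls back to default."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default
```

Running `decide(IPSEC_ONLY, Packet(PROTO_TCP, 22))` returns `"block"`, while ESP and IKE packets return `"pass"`.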