On 5/15/06, Chris Buechler <cbuechler at gmail dot com> wrote:
> > Hi all - sorry for asking this as I believe it will repeat what has been
> > asked previously. It seems that m0n0wall cannot (or at least could not)
> > filter or traffic shape traffic going through IPSEC, is this still the
> > case?
>
> I don't know about shaping, but you can firewall outbound IPsec
> traffic just fine, just not incoming.

I presume you would filter on the LAN interface when the traffic is going to a subnet that is connected to the other end of the IPSec tunnel?

I had thought about doing this for traffic shaping - does anyone know how this would work? I mean I could make a rule that specifies traffic must go through the LAN interface and be destined for the subnet on the other end of the IPSec tunnel which then puts the traffic into a queue which is for IPSec - would this work?

I'm not so sure how the packet shaper works - being as the queues are interface specific I presume they are purely just queues that hold packets until it is that packet's turn to go out of the queue (and assuming the tunnel is free to use) and then are simply sent using the routing table? Could someone advise how it works or confirm what I've written if it's right?

Thanks

> > Also - does this apply to PPTP VPNs?
>
> no. Well, not for filtering, I have no idea for the shaper.
>
> -Chris

Are there any plans to add "IPSec" as an entry to the filter/traffic shaper such as PPTP is?

Cheers Chris

- Michael