 From:  Christoph Hanle <christoph dot hanle at leinpfad dot de>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] IPSec Firewall rules
 Date:  Wed, 28 Jun 2006 18:33:24 +0200
> Hello list,
>
> is there a possibility to restrict the IPSec traffic with firewall rules?
>
> I've an IPSec connection between two points and created a firewall rule that
> the "other" side shall only reach port 80 in our network. But it can reach
> all ports on all machines!? Never mind the rules.
>
> Can you help?

Yes.
You can only restrict the traffic on the source side (beginning of the
tunnel).
e.g.
1. Rule: allow all TCP LanNet to port 80 TCP remote Net (through the tunnel)
2. Rule: deny all LanNet to all remote Net.

Rules at the end of a tunnel have no effect.

bye
Christoph



> Greets
>
> Marcel