On 3/21/07, Kristian Shaw <monowall at wealdclose dot co dot uk> wrote:
> The modification is a bit of hack, as you need to put deny rules in to
> control IPSEC traffic since it is permitted by default (the reverse of
> normal traffic which is denied by default). I rather like the way that
> pfsense is using the enc0 interface to filter IPSEC traffic as that fits
> nicely into the existing model of how firewall rules are edited and
> displayed.
Frankly, the lack of control over IPSec connections in m0n0wall may be
one of the most glaring shortcomings of the entire firewall. It is
rare indeed, beyond home users, that a company can allow anyone who
gets a VPN set up access to everything.
My m0n0 is in home use, so it's not a huge deal - the firewall at work
to which I VPN does have the ability to block traffic and it gets
controlled there, but it is still something that should go on the
official to-do list for m0n0, in my humble opinion, to solve this
without having to resort to hacks.
Yes, I know I can go with pfsense instead, but besides this issue, which
is not critical for me, m0n0 is perfect for me.
--
-{ Kimmo Jaskari }--{ kimmo dot jaskari at gmail dot com }--
"In the beginning the Universe was created. This made a lot of people
very angry and has been widely regarded as a bad move."
- "Hitchhikers Guide", Douglas Adams
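As an added illustration of the enc0 model the thread refers to (not code from the thread, from m0n0wall or from pfSense), a pf.conf fragment that default-denies traffic decapsulated from IPsec tunnels and then permits only specific flows; the subnets, host and ports are constructed placeholders:

```pf
# Constructed example: pf rules that filter traffic arriving from IPsec
# tunnels on the enc0 interface, instead of leaving decrypted IPsec
# traffic permitted by default. Addresses and ports are placeholders.
vpn_clients = "10.8.0.0/24"        # assumed remote VPN client subnet
lan_net     = "192.168.1.0/24"     # assumed local LAN
mail_srv    = "192.168.1.10"       # assumed host VPN users may reach

# Default posture: anything coming out of an IPsec SA is dropped and
# logged, so a new tunnel grants no access until a rule says otherwise.
block in log on enc0 all

# Permit only what the policy needs: IMAPS and SMTP submission to one
# host, with a state entry created on the initial SYN.
pass in on enc0 inet proto tcp from $vpn_clients to $mail_srv \
    port { 993, 587 } flags S/SA keep state

# ICMP echo for connectivity troubleshooting.
pass in on enc0 inet proto icmp from $vpn_clients to $lan_net \
    icmp-type echoreq keep state

# Return traffic is matched by the state table; connections initiated
# from the LAN towards the tunnel are still governed by the LAN
# interface's own rules.
```

The enc0 interface must exist and be up for pf to see the decapsulated packets; the blocked-and-logged entries are what a defender would watch to spot VPN users probing beyond what they were granted.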