Hi All,

On Wed, 2004-03-10 at 21:19, Manuel Kasper wrote:
> On 10.03.2004 08:31 +0100, JHead wrote:
>
> > I just join the group of people who would like to filter the VPN
> > traffic.
> > Obviously it's by design not possible, isn't it?
>
> No - the way IPsec and ipfilter interact in FreeBSD makes it
> infeasible to filter traffic from/to VPN tunnels in a secure way.

The exact same thing happens with a Linux iptables/FreeS/WAN implementation - the IPSEC traffic totally bypasses the firewalling rules. This is because it is expected that the remote network/computer being VPNed is intended to operate as if it were on the local LAN.

If you want to restrict access to the remote LAN, then ACLs need to be implemented on your local LAN machines to allow local but not VPN traffic. These need to be applied to all applicable machines.

--
Regards,

Hilton Travis                    Phone: +61-(0)7-3343-3889
Manager, Quark AudioVisual       Phone: +61-(0)419-792-394
         Quark Computers         http://www.QuarkAV.com/
(Brisbane, Australia)            http://www.QuarkAV.net/

Open Source Projects: http://www.ares-desktop.org/
                      http://www.mamboband.org/

Non Linear Video Editing Solutions & Digital Audio Workstations
Network Administration, SmoothWall Firewalls, NOD32 AntiVirus
Conference and Seminar AudioVisual Production and Recording

War doesn't determine who is right. War determines who is left.