IPSEC and other non tcp/udp/icmp blocking

Hi,

Mitesh P Choksi [mailto:murli@icafe.co.tz] wrote:
>
> How does netfilter work with other protocols apart from tcp/udp/icmp?
>
> I am trying to either block or account IPSec traffic.
>

Well that can be done with:

iptables -A ... -p udp --dport 500 -j ...
iptables -A ... -p 50 -j ...
iptables -A ... -p 51 -j ...

for IKE, ESP and AH respectively. You may also want to
look at the "ah" and "esp" matches that allow you to
match against the SPI of AH and ESP IPsec traffic.
Those matches are in the standard kernel.

Regards,
Filip
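As an added example that is not part of the thread above: the three rules Filip lists, assembled into one script that puts IKE, ESP and AH through a dedicated accounting chain, with one rule per SPI ahead of the catch-all so a single SA can be counted on its own. The chain name IPSEC_ACCT and the SPI value 4096 are constructed for the example; the match options `--espspi` and `--ahspi` are the ones the iptables esp/ah extensions take. UDP/4500 (IKE and ESP over NAT traversal) is not in the original reply but belongs in a complete picture of IPsec on the wire. POLICY=RETURN only counts the traffic; POLICY=DROP blocks it. Setting IPT=echo prints the commands instead of running them, so the layout can be checked without root.

```shell
#!/bin/sh
# Example script (not from the original thread): account for, or drop,
# IPsec traffic via a dedicated chain. IPT=echo gives a dry run.
IPT="${IPT:-iptables}"
CHAIN="${CHAIN:-IPSEC_ACCT}"     # constructed chain name
POLICY="${POLICY:-RETURN}"       # RETURN = count only, DROP = block
SPI="${SPI:-4096}"               # constructed SPI of one SA of interest

ipsec_rules() {
    # Create the chain if missing, then start from an empty rule list.
    $IPT -N "$CHAIN" 2>/dev/null || true
    $IPT -F "$CHAIN"

    # IKE negotiation on UDP/500; UDP/4500 carries IKE and ESP through NAT
    # (4500 is not in the original post, it is the standard NAT-T port).
    $IPT -A "$CHAIN" -p udp --dport 500  -j "$POLICY"
    $IPT -A "$CHAIN" -p udp --dport 4500 -j "$POLICY"

    # ESP is IP protocol 50. The esp match exposes the SPI, so the rule
    # for one SA comes first and the catch-all for all other ESP after it.
    $IPT -A "$CHAIN" -p 50 -m esp --espspi "$SPI" -j "$POLICY"
    $IPT -A "$CHAIN" -p 50 -j "$POLICY"

    # AH is IP protocol 51; same pattern with the ah match.
    $IPT -A "$CHAIN" -p 51 -m ah --ahspi "$SPI" -j "$POLICY"
    $IPT -A "$CHAIN" -p 51 -j "$POLICY"

    # Hand both directions of traffic to the accounting chain.
    for base in INPUT OUTPUT; do
        $IPT -A "$base" -j "$CHAIN"
    done
}

# Usage: sh ipsec_acct.sh apply      (as root, installs the rules)
#        sh ipsec_acct.sh dry-run    (prints the iptables commands)
case "${1:-}" in
    apply)   ipsec_rules ;;
    dry-run) IPT=echo; ipsec_rules ;;
esac
```

Afterwards `iptables -nvxL IPSEC_ACCT` shows per-rule packet and byte counters, which is the accounting the original question asked about; the two SPI-specific rules count one SA separately from the rest.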


