IPSEC and other non tcp/udp/icmp blocking

On Monday 14 October 2002 12:17 pm, Fabrice MARIE wrote:

> Hello Cyberdude,
>
> On Saturday 12 October 2002 04:45, Mitesh P Choksi wrote:
> > Dear All,
> > How does netfilter work with other protocols apart tcp/udp/icmp?
> > I am trying to either block or account IPSec traffic.
> > Regards,
> > Cyberdude Murli
> > The Earth
>
> to block ipsec (IIRC):
> # iptables -A FORWARD -p 50 -j DROP
> # iptables -A FORWARD -p 51 -j DROP
> # iptables -A FORWARD -p tcp --dport 500 -j DROP

Close, but not quite....   IKE uses UDP port 500, not TCP port 500.

Also, it uses port 500 for both source and destination, so if you wanted to 
be more specific you could be:

iptables -A FORWARD -p udp --sport 500 --dport 500 -j DROP

Antony.

-- 

I vote "no" to this proposal to form a committee to investigate whether we 
should or should not hold a ballot on whether to vote yet.
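
The corrected rule set written out as a small script, added here as an example that is not from the thread. It goes slightly beyond the messages above: it also matches UDP 4500 (IKE/ESP NAT-Traversal, RFC 3948) and offers an accounting-only variant, which answers the original "block or account" question. The chain name, the `IPT` dry-run variable and the function names are my own choices.

```shell
#!/bin/sh
# Added example, not from the thread: block or account IPsec in the FORWARD
# chain. On the wire IPsec is ESP (IP protocol 50), AH (IP protocol 51) and
# IKE (UDP port 500, used as both source and destination port). UDP 4500
# (IKE/ESP NAT-Traversal, RFC 3948) goes beyond what the thread lists.
# IPT defaults to a dry run that prints the commands; set IPT=iptables to apply.
IPT="${IPT:-echo iptables}"
CHAIN="${CHAIN:-FORWARD}"

# Emit one iptables rule per line. With a target (DROP/ACCEPT) the rules
# block or allow; with no target the rules carry no -j, so they only count
# packets and bytes (read the counters with: iptables -L FORWARD -v -n -x).
# ESP and AH have no ports, so only the IP protocol number can be matched.
ipsec_rules() {
    jump=""
    if [ -n "${1:-}" ]; then
        jump=" -j $1"
    fi
    printf '%s\n' \
        "-A $CHAIN -p 50$jump" \
        "-A $CHAIN -p 51$jump" \
        "-A $CHAIN -p udp --sport 500 --dport 500$jump" \
        "-A $CHAIN -p udp --dport 4500$jump"
}

# Apply (or, in the default dry run, print) the rules; no target means
# accounting only.
apply_ipsec_rules() {
    ipsec_rules "${1:-}" | while IFS= read -r rule; do
        # shellcheck disable=SC2086  # word-splitting of $rule is intended
        $IPT $rule
    done
}

apply_ipsec_rules DROP   # blocking variant
apply_ipsec_rules        # accounting-only variant
```

Run with `IPT=iptables` (as root) to install the rules; the accounting variant is harmless on its own because rules without a target never terminate the chain.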


