Hello everyone =)

I have reviewed a few posts about how to set up rules to allow IPSec. I sure would appreciate a peer review of my rules for IPSec traffic before putting them into general use. Of course, this is not my whole rule set, just the IPSec aspects. I'm not doing NAT on the inside (we're lucky enough to have a few class 'C's to use around here). And for simplicity I'm trusting roadwarriors and not limiting the source of IPSec traffic.

eth1 = untrusted side
eth0 = trusted side

INPUT:
$IPTABLES -A INPUT -i eth1 -p 50 -j ACCEPT
$IPTABLES -A INPUT -i eth1 -p 51 -j ACCEPT
$IPTABLES -A INPUT -i eth1 -p UDP --dport 500 -j ACCEPT

FORWARD:
$IPTABLES -A FORWARD -i eth0 -o ipsec+ -j ACCEPT
$IPTABLES -A FORWARD -i ipsec+ -o eth0 -j ACCEPT

OUTPUT:
$IPTABLES -A OUTPUT -p 50 -j ACCEPT
$IPTABLES -A OUTPUT -p 51 -j ACCEPT
$IPTABLES -A INPUT -p udp -m udp --dport 500 -j ACCEPT

Thanks everyone,
--jim
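
A consistency check over the listing above, added here as an example and not part of the original post: it flags any rule whose -A chain differs from the section heading it is listed under, and any protocol accepted on INPUT that has no matching OUTPUT rule. The parser, the function names and the finding labels are constructed for illustration; the rules are copied verbatim from the post.

```python
import shlex

# The eight rules from the post above, verbatim, under their section labels.
LISTING = """\
INPUT:
$IPTABLES -A INPUT -i eth1 -p 50 -j ACCEPT
$IPTABLES -A INPUT -i eth1 -p 51 -j ACCEPT
$IPTABLES -A INPUT -i eth1 -p UDP --dport 500 -j ACCEPT
FORWARD:
$IPTABLES -A FORWARD -i eth0 -o ipsec+ -j ACCEPT
$IPTABLES -A FORWARD -i ipsec+ -o eth0 -j ACCEPT
OUTPUT:
$IPTABLES -A OUTPUT -p 50 -j ACCEPT
$IPTABLES -A OUTPUT -p 51 -j ACCEPT
$IPTABLES -A INPUT -p udp -m udp --dport 500 -j ACCEPT
"""

def parse(listing):
    """Return one dict per rule: section label, -A chain, -p, --dport, raw text."""
    rules, section = [], None
    for line in (l.strip() for l in listing.splitlines()):
        if not line:
            continue
        if line.endswith(":"):          # "INPUT:", "FORWARD:", "OUTPUT:"
            section = line[:-1]
            continue
        tok = shlex.split(line)
        def opt(flag):
            return tok[tok.index(flag) + 1] if flag in tok else None
        proto = opt("-p")
        rules.append({"section": section, "chain": opt("-A"),
                      "proto": proto.lower() if proto else None,
                      "dport": opt("--dport"), "raw": line})
    return rules

def review(rules):
    """Return (finding, detail) pairs; an empty list means both checks pass."""
    findings = [("chain-mismatch", r["raw"]) for r in rules if r["chain"] != r["section"]]
    def accepted(chain):
        return {(r["proto"], r["dport"]) for r in rules if r["chain"] == chain and r["proto"]}
    for proto, dport in sorted(accepted("INPUT") - accepted("OUTPUT"), key=str):
        findings.append(("no-output-rule", proto if dport is None else f"{proto} dport {dport}"))
    return findings

if __name__ == "__main__":
    for finding, detail in review(parse(LISTING)):
        print(f"{finding}: {detail}")
```
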