Yes, they work together. First, get freeswan working. Then, when you add netfilter rules, start with a default ACCEPT policy and add a LOG entry at the end of each chain. This will help you understand the packet flow so you can learn whether you need to apply a rule to an eth interface or to one of freeswan's ipsec interfaces to accept/deny a particular packet.

You'll probably want to change the default policy to DENY at some point, once you have enough rules in place to not lock yourself out of the box.

If you are also NATing your connections on the same box, then you also have to keep track of whether the rules need to apply to the real or NATed addresses. The log rule at the end of each chain will help you see which one you need.

Good luck,
Frank

--On Friday, July 11, 2003 12:14:23 +0530 sathvanth subramaniam <sathvanth.subramaniam@xxxxxxxxxxxxxxxxxx> wrote:

> Hi all,
> Has anyone tried the freeswan + netfilter combination and made it work? I am
> working on it and want to know if it's possible.
> Any help or directions are appreciated.
>
> Regards,
> sathvanth
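
An added example, not part of the original message: one way to read the output of the end-of-chain LOG rules described in the reply, tallying the chain, interface (eth or ipsec) and protocol of each packet that no earlier rule matched. The log prefixes, host name, addresses and function names are assumptions, and the sample lines are constructed.

```python
import re
from collections import Counter

# Constructed sample: kernel log lines of the kind written by a catch-all rule
# such as  iptables -A INPUT -j LOG --log-prefix "INPUT-end: "  at the end of
# each chain. Prefixes, host name and addresses are made up; fields trimmed.
SAMPLE_LOG = """\
Jul 11 12:00:01 gw kernel: INPUT-end: IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1 PROTO=UDP SPT=500 DPT=500 LEN=100
Jul 11 12:00:02 gw kernel: INPUT-end: IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1 PROTO=ESP SPI=0x1234abcd
Jul 11 12:00:03 gw kernel: INPUT-end: IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1 PROTO=ESP SPI=0x1234abcd
Jul 11 12:00:03 gw kernel: FORWARD-end: IN=ipsec0 OUT=eth1 SRC=10.1.0.5 DST=10.2.0.7 PROTO=TCP SPT=40000 DPT=22
Jul 11 12:00:04 gw kernel: FORWARD-end: IN=eth1 OUT=ipsec0 SRC=10.2.0.7 DST=10.1.0.5 PROTO=TCP SPT=22 DPT=40000
Jul 11 12:00:04 gw kernel: OUTPUT-end: IN= OUT=eth0 SRC=192.0.2.1 DST=192.0.2.10 PROTO=ESP SPI=0xabcd1234
Jul 11 12:00:05 gw pluto[123]: constructed non-netfilter line, ignored
"""

LINE_RE = re.compile(r"kernel: (?P<prefix>.*?)\s*IN=(?P<inif>\S*) OUT=(?P<outif>\S*)(?: |$)")
FIELD_RE = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")

def parse_line(line):
    """Return (chain, in-if, out-if, protocol, dest port) for a LOG line, else None."""
    m = LINE_RE.search(line)
    if not m:
        return None
    # reversed() so the first occurrence of a field wins if it repeats
    fields = dict(reversed(FIELD_RE.findall(line)))
    return (m["prefix"].rstrip(": "), m["inif"] or "-", m["outif"] or "-",
            fields.get("PROTO", "?"), fields.get("DPT", "-"))

def summarize(log_text):
    """Count packets that fell through to the LOG rule, grouped by flow key."""
    flows = Counter()
    for line in log_text.splitlines():
        key = parse_line(line)
        if key:
            flows[key] += 1
    return flows

def protocols_by_interface(flows):
    """Which protocols reached the end of a chain on each interface."""
    seen = {}
    for (_chain, inif, outif, proto, _dpt) in flows:
        for ifname in (inif, outif):
            if ifname != "-":
                seen.setdefault(ifname, set()).add(proto)
    return seen

if __name__ == "__main__":
    for key, count in sorted(summarize(SAMPLE_LOG).items()):
        print(count, *key)
```

In the constructed sample, IKE (UDP port 500) and ESP appear on eth0 while the tunnelled TCP traffic appears on ipsec0, which is the distinction the LOG rules are meant to reveal before the default policy is tightened.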