On Wed, 2003-07-23 at 16:11, Garcia Ruiz wrote:
> Couldn't it be possible to filter taking into account the internal
> interface where it is supposed not to be encrypted?

I should clarify that I'm not using FreeS/WAN so there's no extra network interface that gives me access to unencrypted packets.

On Wed, 2003-07-23 at 15:42, Ramin Dousti wrote:
> Once the IPsec traffic has been terminated (decapsulated) you can
> filter it based on the services (tcp or udp ports) prior to that
> you only can filter based on the outer IP header...

OK. Is there a way to decapsulate an ESP packet in iptables?

--
Rick Kennell <kennell@xxxxxxxxxxxxxx>
Purdue University Department of Electrical and Computer Engineering