Re: kernel 2.6 IPsec and netfilter

Devaraj Das wrote:

Hi,
I wanted to know whether there is a working solution for the issue that
was discussed sometime back:
http://www.spinics.net/lists/netfilter/msg22099.html
In short, is there any solution to enable blocking selective ports on a
machine running Linux 2.6.0 + in-kernel ipsec?
It would be very helpful if I could get a working solution or some
information on a possible solution.
Thanks,
Devaraj.


Hi,
if you look at ipsec in Linux-2.6.0 you will have noticed that you define
SRC-IP/SRC-PORT -- DST-IP/DST-PORT; this means your question implies the following setup:


1. You allow any port combination to go via the ipsec tunnel
2. You have ports that should not go via the ipsec tunnel which you allow via ipsec
3. Now these ports should be filtered on the iptables layer
- possible at prerouting/mangle
+ define the correct ipsec config


Regards, Thomas Lußnig
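The setup sketched in the reply, written out as a script. This is an added example, not code from the thread or from Thomas: it writes a setkey(8) SPD (ipsec-tools) that sends every port combination between two hosts through ESP, and emits the iptables(8) rule that drops the unwanted port in mangle/PREROUTING. The two addresses, the port 23, the path /tmp/ipsec-spd.conf and the APPLY switch are constructed sample values and assumptions of this example, not something the thread specifies.

```shell
#!/bin/sh
# Added example, not code from the thread: the setup the reply describes,
# as a small script.  Hosts, the port and the policy-file path are
# constructed sample values; the commands are setkey(8) from ipsec-tools
# and iptables(8).
#
# Usage: sh ipsec-filter.sh          writes the policy file only (dry run)
#        APPLY=1 sh ipsec-filter.sh  also loads it and adds the rule (needs root)

LOCAL_IP="${LOCAL_IP:-10.0.0.1}"        # constructed: this host
PEER_IP="${PEER_IP:-10.0.0.2}"          # constructed: the IPsec peer
BLOCKED_PORT="${BLOCKED_PORT:-23}"      # constructed: TCP port to refuse
SPD_FILE="${SPD_FILE:-/tmp/ipsec-spd.conf}"

# Steps 1/2 of the reply: one SPD pair that sends *any* port combination
# between the two hosts through ESP (transport mode).
# Prints the number of spdadd policies written.
write_spd() {
    cat > "$1" <<EOF
spdflush;
spdadd $LOCAL_IP $PEER_IP any -P out ipsec esp/transport//require;
spdadd $PEER_IP $LOCAL_IP any -P in  ipsec esp/transport//require;
EOF
    # setkey also accepts per-port selectors (address[port]) when only some
    # flows should be protected, e.g.:
    #   spdadd $LOCAL_IP[any] $PEER_IP[22] tcp -P out ipsec esp/transport//require;
    grep -c '^spdadd' "$1"
}

# Step 3: filter the unwanted port in the mangle table's PREROUTING chain,
# the place the reply names.  Prints the rule so it can be reviewed first.
filter_rule() {
    echo "iptables -t mangle -A PREROUTING -s $PEER_IP -p tcp --dport $BLOCKED_PORT -j DROP"
}

# Load the SPD into the 2.6 in-kernel IPsec and add the drop rule.
apply_all() {
    setkey -f "$SPD_FILE"
    eval "$(filter_rule)"
}

write_spd "$SPD_FILE" >/dev/null
if [ -n "$APPLY" ]; then
    apply_all
else
    echo "policy written to $SPD_FILE; would run: $(filter_rule)"
fi
```

Run it once without APPLY to inspect /tmp/ipsec-spd.conf and the printed iptables line; the SPD has no port selectors, so the only thing keeping the blocked port out is the mangle/PREROUTING rule, which is exactly the split the reply proposes.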


