Hi,
I was just playing around with 2.6 IPSec and isakmpd and ran into a problem:
In order to have the packets from the peer IPSEC network accepted, I need to have an entry like
iptables -A INPUT -s 192.168.19.0/24 -j ACCEPT
where 192.168.19.0 is the network behind the ipsec peer.
But if I do this, the machine would also accept unencrypted packets
from the Internet (except for the fact that packets to RFC 1918 addresses are not
routed, but assume that the LAN has official addresses).
I can't even distinguish them by the interface, because from an
iptables point of view, the packets are incoming on the external interface,
as if they were coming unencrypted.
How do I treat packets from IPSec and unencrypted plain packets from the Internet differently with iptables?
Regards, Hadmut
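One way to make exactly this distinction, added here as an example and not part of Hadmut's mail: the netfilter policy match (`-m policy`, module xt_policy, which not every 2.6 kernel ships) tests whether a packet was just decapsulated from an IPsec SA, so a rule can accept 192.168.19.0/24 only when it arrived through the tunnel and drop the same source when it arrives in the clear. The peer gateway address 203.0.113.1 is a placeholder, the UDP/500 rule assumes isakmpd does IKE on that port, ESP in tunnel mode is assumed, and the FORWARD rules go beyond the INPUT case in the mail.

```shell
#!/bin/sh
# Added example (not from the original mail): accept 192.168.19.0/24 only when
# the packet was decapsulated from an ESP tunnel SA from the peer gateway.
# Assumptions: PEER_GW is the peer's public address (placeholder), IKE runs on
# UDP/500 (isakmpd), ESP tunnel mode.  First argument is the iptables binary;
# pass "echo" to print the rules instead of applying them.

PEER_GW="${PEER_GW:-203.0.113.1}"   # placeholder: public address of the IPsec peer
PEER_NET="192.168.19.0/24"          # network behind the peer, from the mail

build_rules() {
    ipt_bin="$1"

    # IKE and ESP from the peer gateway itself must reach this host.
    "$ipt_bin" -A INPUT -p udp -s "$PEER_GW" --dport 500 -j ACCEPT
    "$ipt_bin" -A INPUT -p esp -s "$PEER_GW" -j ACCEPT

    # Weak rule (what the mail describes): trusts the source address alone, so a
    # cleartext packet from the Internet with a spoofed 192.168.19.x source is
    # accepted as well.  Left commented out on purpose.
    #   "$ipt_bin" -A INPUT -s "$PEER_NET" -j ACCEPT

    # Corrected rule: match only packets the kernel just decapsulated from an
    # ESP tunnel SA whose outer source was the peer gateway.
    "$ipt_bin" -A INPUT -s "$PEER_NET" -m policy --dir in --pol ipsec \
        --proto esp --mode tunnel --tunnel-src "$PEER_GW" -j ACCEPT

    # Anything else claiming to come from the peer network arrived unencrypted.
    # This DROP is what closes the spoofing hole if the chain policy is ACCEPT.
    "$ipt_bin" -A INPUT -s "$PEER_NET" -m policy --dir in --pol none -j DROP

    # Same split for traffic forwarded to the LAN behind this gateway.
    "$ipt_bin" -A FORWARD -s "$PEER_NET" -m policy --dir in --pol ipsec \
        --proto esp --mode tunnel --tunnel-src "$PEER_GW" -j ACCEPT
    "$ipt_bin" -A FORWARD -s "$PEER_NET" -m policy --dir in --pol none -j DROP
}

# Apply with:  sh ipsec-rules.sh iptables     Dry run:  sh ipsec-rules.sh echo
if [ $# -gt 0 ]; then
    build_rules "$1"
fi
```

The decapsulated inner packet traverses INPUT a second time on the external interface, which is why the interface alone cannot tell the two cases apart; the policy match reads the SA the packet was unwrapped from, so `--pol ipsec` with `--tunnel-src` ties acceptance to the specific peer rather than to an address anyone on the Internet can write into a header.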