Date:      Tue, 16 Apr 2002 10:58:53 +0300
From:      Dmitry Shupilov <root@ns.tb.by>
To:        Charles Henrich <henrich@sigbus.com>
Cc:        freebsd-security@freebsd.org
Subject:   Re: IPFW/IPsec
Message-ID:  <192415279580.20020416105853@ns.tb.by>
In-Reply-To: <20020415231146.A21593@sigbus.com>
References:  <20020415231146.A21593@sigbus.com>

Hello Charles,

CH> I'm trying to do something trivial here, but I just can't seem to figure out
CH> what's going on.  I'm trying to build a gateway that only accepts ESP tunnel
CH> packets.  When I enable firewall rules something like:

CH> /sbin/ipfw add allow udp from any to any isakmp via xl0
CH> /sbin/ipfw add allow esp from any to any via xl0
CH> /sbin/ipfw add deny  all from any to any via xl0
CH> /sbin/ipfw add allow all from any to any

CH> Communications fails.  The thing is, I can't figure out why.

There is a GOLD ipfw rule:

/sbin/ipfw add 65000 deny log ip from any to any [via[xl0][dc0] - as you wish]
                          ^^^
You add this rule and look at your log file.

Dmitry
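Dmitry's advice is to let the catch-all rule log what it drops and read the log. The script below is an added example (not from this thread or from FreeBSD) of doing that reading mechanically: it parses the classic ipfw kernel log line format, which is assumed here to be `ipfw: <rule> <Action> <PROTO> <src[:port]> <dst[:port]> <in|out> via <iface>` with non-TCP/UDP protocols shown as `P:<number>`, counts what rule 65000 is denying per protocol, direction and interface, and flags denied plaintext packets between RFC 1918 addresses on the outside interface. On a gateway that is only supposed to pass ESP on `xl0`, such entries are the kind of thing the log is meant to reveal. The log lines, hostnames and addresses are constructed for the example.

```python
import ipaddress
import re
from collections import Counter

# Classic FreeBSD ipfw(8) kernel log line (layout assumed for this example):
#   ipfw: <rule> <Action> <PROTO> <src[:port]> <dst[:port]> <in|out> via <iface>
# Non-TCP/UDP protocols appear as "P:<number>"; ESP is IP protocol 50.
IPFW_LINE = re.compile(
    r"ipfw:\s+(?P<rule>\d+)\s+(?P<action>[A-Za-z]+)\s+(?P<proto>\S+)\s+"
    r"(?P<src>\S+)\s+(?P<dst>\S+)\s+(?P<direction>in|out)\s+via\s+(?P<iface>\S+)"
)

# Constructed sample of /var/log/security after adding the deny-log rule.
SAMPLE_LOG = """\
Apr 16 10:58:53 gw /kernel: ipfw: 65000 Deny UDP 192.0.2.10:500 192.0.2.1:500 in via xl0
Apr 16 10:58:53 gw /kernel: ipfw: 65000 Deny P:50 192.0.2.10 192.0.2.1 in via xl0
Apr 16 10:58:54 gw /kernel: ipfw: 65000 Deny TCP 10.1.1.5:43211 10.2.2.7:22 in via xl0
Apr 16 10:58:55 gw /kernel: ipfw: 65000 Deny TCP 10.2.2.7:22 10.1.1.5:43211 out via xl0
Apr 16 10:58:56 gw /kernel: ipfw: 100 Accept UDP 192.0.2.10:500 192.0.2.1:500 in via xl0
"""

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def split_endpoint(token):
    """Split 'addr:port' into (addr, port); port is None for port-less protocols."""
    addr, sep, port = token.rpartition(":")
    if sep and port.isdigit():
        return addr, int(port)
    return token, None


def normalize_proto(proto):
    """Map ipfw's 'P:<number>' form to a name for the IPsec protocols."""
    if proto.startswith("P:"):
        return {"50": "ESP", "51": "AH"}.get(proto[2:], proto)
    return proto


def parse_line(line):
    """Return a dict for one ipfw log line, or None if the line is not an ipfw entry."""
    m = IPFW_LINE.search(line)
    if not m:
        return None
    src, sport = split_endpoint(m.group("src"))
    dst, dport = split_endpoint(m.group("dst"))
    return {
        "rule": int(m.group("rule")),
        "action": m.group("action"),
        "proto": normalize_proto(m.group("proto")),
        "src": src, "sport": sport,
        "dst": dst, "dport": dport,
        "direction": m.group("direction"),
        "iface": m.group("iface"),
    }


def summarize_denies(log_text, rule=65000):
    """Count what the catch-all rule drops, keyed by (protocol, direction, interface)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["rule"] == rule and rec["action"] == "Deny":
            counts[(rec["proto"], rec["direction"], rec["iface"])] += 1
    return counts


def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def private_inner_traffic(log_text, iface="xl0", rule=65000):
    """Denied non-ESP packets between private addresses on the outside interface.

    On a gateway that should only carry ESP on `iface`, these are plaintext
    packets the catch-all rule is dropping, which is exactly what the log
    is added to expose. Returns (src, dst) pairs in log order.
    """
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec or rec["rule"] != rule or rec["action"] != "Deny":
            continue
        if rec["iface"] != iface or rec["proto"] in ("ESP", "AH"):
            continue
        if is_rfc1918(rec["src"]) and is_rfc1918(rec["dst"]):
            hits.append((rec["src"], rec["dst"]))
    return hits


if __name__ == "__main__":
    for key, n in sorted(summarize_denies(SAMPLE_LOG).items()):
        print("%-5s %-3s via %-4s denied %d" % (key[0], key[1], key[2], n))
    for src, dst in private_inner_traffic(SAMPLE_LOG):
        print("plaintext private traffic on xl0: %s -> %s" % (src, dst))
```

Run it against a real `/var/log/security` by replacing `SAMPLE_LOG` with the file contents; the ESP line in the sample shows that the deny rule is even catching the protocol the gateway is meant to pass, which is the first thing to compare against the rule order `ipfw show` reports.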
