Date: Mon, 14 Jan 2002 13:09:22 +0100
From: "Reto Trachsel (NetModule)" <reto.trachsel@netmodule.com>
To: freebsd-net@FreeBSD.ORG
Subject: RE: Filtering packets received through an ipsec tunnel
Message-ID: <F58DFF990DB0D411841D000102A7CD70090BEF@tigris.pacific>

Hello,

IPSec Tunnel security is working like this: You have to permit traffic to the Tunnel; this you can do with Access-Lists on a Firewall (i.e. ipfw). In the Tunnel, only permitted traffic will be transmitted, so you don't have to filter packets coming from the IPSec Tunnel.

It's not interesting to transmit all the traffic and filter the traffic on the tunnel-end, because all traffic submitted by the tunnel needs bandwidth on the WAN interface.

But if you will do this, you can define special Access-lists with ipfw where you deny or permit special kinds of traffic from the Network on the other side of the tunnel.

Regards
Reto Trachsel

Your Partner for Internet & Networking Technologies!
____________________________________________________
NetModule AG
Meriedweg 7 / CH-3172 Niederwangen
Phone: +41 31 985 25 10 / Fax: +41 31 985 25 11
www.netmodule.com

NetModule AG, Java Competence Center
Zuercherstrasse 12 / Postfach / CH-8401 Winterthur
Phone: +41 52 209 00 44 / Fax: +41 52 209 00 40
____________________________________________________