[CentOS] openswan and klips ipsec stack

Steve Clark sclark at netwolves.com
Mon Oct 6 19:02:05 UTC 2014


On 10/06/2014 02:00 PM, Eero Volotinen wrote:
> Hi List,
>
> Is there an easy way to get the klips ipsec stack into centos 6? As it makes
> firewalling ipsec traffic much easier.
>
> Eero
Hi Eero,

If you are only concerned about firewalling incoming traffic, why would you need more than:
-A INPUT -p udp -s peerip/32 --sport 500 -d yourip/32 --dport 500 -j ACCEPT
-A INPUT -p esp -s peerip/32 -d yourip/32 -j ACCEPT

-- 
Stephen Clark



