[CentOS] openswan and klips ipsec stack

Mon Oct 6 19:08:16 UTC 2014
Eero Volotinen <eero.volotinen at iki.fi>

2014-10-06 22:02 GMT+03:00 Steve Clark <sclark at netwolves.com>:

> On 10/06/2014 02:00 PM, Eero Volotinen wrote:
>
>> Hi List,
>>
>> Is there an easy way to get the klips ipsec stack into CentOS 6? As it makes
>> firewalling ipsec traffic much easier..
>>
>> Eero
>>
> Hi Eero,
>
> If you are only concerned about firewalling incoming traffic, why would you
> need more than:
> -A INPUT -p udp -s peerip/32 --sport 500 -d yourip/32 --dport 500 -j ACCEPT
> -A INPUT -p esp -s peerip/32 -d yourip/32 -j ACCEPT
>
>
I also need to filter outgoing ipsec traffic, and it's a bit complex on the netkey
stack?

--
Eero