ZH wrote:

>Hello,
>
>Can someone point me to some documentation on how to make is firewall
>for freeswan and ipsec?
>
>Thank you.
>
>ZLatko
>
>We haven't seen this email :)

Simply create a couple rules for protocol 50 (not port 50, protocol 50) and udp port 500 to the firewall box.

-A INPUT -i eth0 -p udp -m udp --dport 500 -j ACCEPT
-A INPUT -i eth0 -p 50 -j ACCEPT
-A FORWARD -i eth1 -o ipsec0 -j ACCEPT
-A FORWARD -i ipsec0 -o eth1 -j ACCEPT
-A OUTPUT -p 50 -j ACCEPT
-A OUTPUT -p udp --dport 500 -j ACCEPT

This is assuming that eth1 is your trusted interface and that your Freeswan interface is ipsec0. Follow the Freeswan docs on setting it up (very easy). I had it up and going with a Netscreen in under an hour.

Hope this helps...

Damian Kohlfeld
Anobi Technology Corporation
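
A quick way to confirm that a saved ruleset contains the six rules from the reply above (an added example, not part of the original post). The function names are hypothetical, and it assumes iptables-save style `-A` lines in which protocol 50 may be shown as `esp`:

```shell
#!/bin/sh
# Added example, not from the original post. Reads a ruleset in iptables-save
# format on stdin and reports which of the reply's ACCEPT rules are absent.

# has_rule CHAIN MATCH: true if $RULES holds "-A CHAIN ... MATCH ... -j ACCEPT".
# MATCH is an extended regex covering whole space-separated tokens.
has_rule() {
    printf '%s\n' "$RULES" | grep -Eq -- "^-A $1 (.* )?$2 (.* )?-j ACCEPT\$"
}

# need DESCRIPTION CHAIN MATCH: print DESCRIPTION and count it if not found.
need() {
    has_rule "$2" "$3" && return 0
    echo "missing: $1"
    missing=$((missing + 1))
}

# check_ipsec_rules EXT_IF TRUSTED_IF IPSEC_IF < ruleset
# Exit status is the number of missing rules (0 = all six present).
check_ipsec_rules() {
    RULES=$(cat)
    missing=0
    esp='-p (50|esp)'              # assumption: saved rules may show 50 as "esp"
    ike='-p udp (.* )?--dport 500' # two dashes; "500 " so 5000 does not match
    need "IKE in on $1"     INPUT   "-i $1 $ike"
    need "ESP in on $1"     INPUT   "-i $1 $esp"
    need "forward $2 -> $3" FORWARD "-i $2 -o $3"
    need "forward $3 -> $2" FORWARD "-i $3 -o $2"
    need "ESP out"          OUTPUT  "$esp"
    need "IKE out"          OUTPUT  "$ike"
    return "$missing"
}

# Constructed sample: the six rules with the reply's interface names.
sample_rules() {
    cat <<'EOF'
-A INPUT -i eth0 -p udp -m udp --dport 500 -j ACCEPT
-A INPUT -i eth0 -p 50 -j ACCEPT
-A FORWARD -i eth1 -o ipsec0 -j ACCEPT
-A FORWARD -i ipsec0 -o eth1 -j ACCEPT
-A OUTPUT -p 50 -j ACCEPT
-A OUTPUT -p udp --dport 500 -j ACCEPT
EOF
}

sample_rules | check_ipsec_rules eth0 eth1 ipsec0 && echo "all IPsec rules present"
```

On a live firewall, pipe the output of `iptables-save` into `check_ipsec_rules` in place of the sample.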
