I have a query regarding the IPSEC pseudo-rules available which can filter IPSEC traffic.
Do these rules only work one way, i.e. on incoming traffic coming over an IPSEC tunnel only?
I'm running V1.3.3 and it appears that traffic coming from my remote sites appears under the IPSEC interface rules, but for me to apply rules to prevent traffic back to the remote site, I need to use LAN rules only? So tracking any issues gets a little confusing when viewing the logs, as one says LAN and the other says IPSEC.
Can IPSEC rules be applied from the local LAN to prevent unwanted or unnecessary traffic over the VPN using the IPSEC filtering, or is it by design to use the LAN rules for the outgoing traffic?
Also, in the document http://doc.m0n0.ch/handbook/ch08s02.html there is a reference to firewall support for IPSEC traffic (section 8.2.4), saying m0n0wall is set up for a "pass all" on new connections but that this can be deleted. Where exactly can these be "deleted"? (Or is this just a simple case of "allow all" until an IPSEC rule is explicitly defined, which will take over with an additional "deny all" for that tunnel?)
Sorry for the multiple questions, but I'm starting to get to grips with the power of m0n0wall and its features, which are equivalent to or better than some of our Juniper firewalls!