Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:danci1973
openswan
openswan.README.SUSE
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File openswan.README.SUSE of Package openswan
Packaging info for openswan --------------------------- openswan has replaced the freeswan package that was present on previous versions of SUSE Linux Professional and Enterprise Server. SUSE had been applying many patches to enhance the functionality of FreeS/WAN; many of them came from SuperFreeS/WAN which was an enhanced version of FreeS/WAN and the predecessor of OpenS/WAN. Firewalling with 2.6 kernel IPsec --------------------------------- In former times (2.4 kernel with KLIPS module), the use could use firewall rules that were matching only network packets received to sent via ipsec by specifying the interface ipsecX. This interface does not exist any more with the in-kernel implementation of IPsec support in kernel 2.6. To allow filtering specifically for IPsec packets, a new netfilter policy module has been created. To find out about it, enter ipsec -m policy --help You can match IPsec/non-IPsec traffic (--pol ipsec/none) by direction (in/out), protocol (esp/ah/ipcomp), mode (tunnel/transport), ... and do whatever you want with the matching packets (ACCEPT, DROP, ...) Here's an example that rejects all incoming packets from the interface $WLAN_IF that is are not IPsec ESP packets. iptables -A FORWARD -i $WLAN_IF -m policy --dir in --pol ipsec -j ACCEPT iptables -A FORWARD -i $WLAN_IF -j LOG --log-prefix "NonESP: " iptables -A FORWARD -i $WLAN_IF -j DROP Your Novell/SUSE team. http://www.suse.com/feedback/
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor