Does IPSEC traffic pass through firewall?



  • Hi,

    Using pfsense as an IPSEC gateway, can I limit the traffic coming in through the IPSEC "tunnel" to certain LAN hosts and certain TCP ports only? Hosts on the other end of the IPSEC "tunnel" are only supposed to access certain services in my network.

    cheers,
    xo



  • You can't block traffic incoming through the tunnel yet with pfsense 1.0. However, we have this already working in head. If you have control of both ends of the tunnel, block at the end where the traffic comes in at LAN and enters the tunnel, i.e. at the LAN interface.
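
    The workaround hoba describes, as an added example that is not from this thread or from pfsense itself: a plain pf.conf fragment for the far end of the tunnel that filters on that gateway's LAN interface before packets are encrypted, so only two hosts on two TCP ports can be reached through the tunnel. The interface name, addresses and ports are assumptions; the rough iptables equivalent is noted in a comment for readers coming from Linux.

    ```pf
    # Added example, not pfsense's own ruleset. Applied on the REMOTE gateway,
    # on its LAN interface, before traffic enters the IPSEC tunnel.
    lan_if        = "sis1"                       # assumed: remote gateway's LAN NIC
    remote_lan    = "192.168.1.0/24"             # assumed: the far side's own LAN
    local_lan     = "10.0.0.0/24"                # assumed: the network behind our end
    allowed_hosts = "{ 10.0.0.10, 10.0.0.11 }"   # assumed: the only reachable servers
    allowed_ports = "{ 25, 443 }"                # assumed: the only permitted TCP services

    # pf evaluates every rule and the LAST match wins (unless "quick" is used),
    # so a broad block followed by a narrow pass yields default-deny.
    # Deny and log everything from the remote LAN headed for our network...
    block in log on $lan_if from $remote_lan to $local_lan

    # ...then permit only TCP to the listed hosts and ports. "flags S/SA" matches
    # the initial SYN; "keep state" lets the replies back without extra rules.
    # Roughly the iptables equivalent of:
    #   iptables -A FORWARD -i eth1 -s 192.168.1.0/24 -d 10.0.0.10 -p tcp --dport 443 -j ACCEPT
    pass in on $lan_if proto tcp from $remote_lan to $allowed_hosts port $allowed_ports flags S/SA keep state
    ```

    Load it with `pfctl -f /etc/pf.conf` on the remote gateway; as xo notes in the next post, this only helps when that end is under your control.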



  • @hoba:

    You can't block traffic incoming through the tunnel yet with pfsense 1.0. However, we have this already working in head. If you have control of both ends of the tunnel, block at the end where the traffic comes in at LAN and enters the tunnel, i.e. at the LAN interface.

    The thing is, I don't control the other end. The way I see it, the fact that I need encrypted traffic with someone doesn't necessarily mean I trust him with my network. And besides, even if I did control the other end, what if it was compromised via physical access? In any scenario, it would be wise to limit incoming traffic to necessary services only.

    Is there a way to achieve this manually? I am familiar with Linux ipchains and iptables, but not the BSD packet filter.



  • @hoba:

    However we have this already working in head.

    This means it's already working in our code tree for the next major version. You won't be able to achieve this with 1.0. You have to wait for the release of this version to get this feature.

