<![CDATA[IPSEC filtering now present in recent snapshots]]>HEADS UP!

IPSEC Filtering is now present in the 1.0.X branch first appearing in
todays snapshot.

By default on upgrade we will install a default PASS rule for the
IPSEC interface to permit traffic.  So basically anyone upgrading will
not see a difference.  However, you can edit the default rule and
introduce fine grain control of the IPSEC tunnels if you wish.

The feature will appear in todays snapshot which is currently building
located at http://snapshots.pfsense.com/FreeBSD6/RELENG_1/updates/

Have fun!

]]>https://forum.netgate.com/topic/3408/ipsec-filtering-now-present-in-recent-snapshotsRSS for NodeSat, 18 Apr 2026 10:23:12 GMTFri, 09 Feb 2007 19:27:02 GMT60<![CDATA[Reply to IPSEC filtering now present in recent snapshots on Wed, 21 Mar 2007 13:12:24 GMT]]>Yes, perfect.
Thanks.

]]>https://forum.netgate.com/post/151475https://forum.netgate.com/post/151475Wed, 21 Mar 2007 13:12:24 GMT<![CDATA[Reply to IPSEC filtering now present in recent snapshots on Sat, 17 Mar 2007 22:22:53 GMT]]>So it is working correctly now?

]]>https://forum.netgate.com/post/151290https://forum.netgate.com/post/151290Sat, 17 Mar 2007 22:22:53 GMT<![CDATA[Reply to IPSEC filtering now present in recent snapshots on Sat, 17 Mar 2007 22:20:57 GMT]]>I just noticed that. Thanks, i'll keep that in mind.

Cheers,
//Eskild

]]>https://forum.netgate.com/post/151289https://forum.netgate.com/post/151289Sat, 17 Mar 2007 22:20:57 GMT<![CDATA[Reply to IPSEC filtering now present in recent snapshots on Sat, 17 Mar 2007 22:13:51 GMT]]>This is for incoming traffic. Traffic that is sent from the remote end to you through the tunnel. If you have a pass any rule at lan it alows traffic to go into the tunnel fo course. You have to test this coming from the m0n0 end pinging through the tunnel.

]]>https://forum.netgate.com/post/151288https://forum.netgate.com/post/151288Sat, 17 Mar 2007 22:13:51 GMT<![CDATA[Reply to IPSEC filtering now present in recent snapshots on Sat, 17 Mar 2007 21:57:52 GMT]]>I did reset the states, delete both IPSEC SA, but i can still ping a host at the remote site.

//Eskild

ipsec_rules.png
ipsec_rules.png_thumb
tunnels.png
tunnels.png_thumb

]]>https://forum.netgate.com/post/151286https://forum.netgate.com/post/151286Sat, 17 Mar 2007 21:57:52 GMT<![CDATA[Reply to IPSEC filtering now present in recent snapshots on Sat, 17 Mar 2007 19:55:36 GMT]]>A new ruleset is only applied for new connections. If there are old states they will still be allowed until they are closed or time out. Make sure you don't test with old states (maybe do a diagnostisc>states, reset states).

]]>https://forum.netgate.com/post/151282https://forum.netgate.com/post/151282Sat, 17 Mar 2007 19:55:36 GMT<![CDATA[Reply to IPSEC filtering now present in recent snapshots on Sat, 17 Mar 2007 19:36:04 GMT]]>HI Scott, the filtering is most welcome.
I have tested the filtering through IPSEC tunnels on 1.0.1-SNAPSHOT-03-15-2007, and after rejecting any -any in IPSEC rules, i can still send traffic through the tunnels.

Are the filtering just for Mobile clients or should the tunnels be filtered too?

Thanks,
Eskild

]]>https://forum.netgate.com/post/151281https://forum.netgate.com/post/151281Sat, 17 Mar 2007 19:36:04 GMT