GRE and firewall

  • I have setup a ipsec tunnel with GRE, GRE is defined as Interfaces, setup static routes etc. and everything is working just fine, I can reach both ends subnet.
    But now I want to do some firewalling and I can't get that one to work.
    When I block all traffic on the GRE interface, I can still ping other boxes, so it doesn't do anything with the firewall settings.
    When I do a Packet capture, I see the traffic going trough the GRE interface.

    What do I do wrong, or what do I have to change?

  • We would have to know what you did in the first place to be able to tell you if it's wrong or needs to be changed.  Your network config?  Your firewall rule that failed?  Your packet capture showing the traffic not being blocked?…  You've given almost no detail.

  • I figured it out, the GRE will be handled in the floating firewall rules, not in the interface firewall rules.
    So all firewalling goes there.

Log in to reply