IPsec and the Firewall: Difference between revisions

From Xinux Wiki

Revision as of 18 September 2024, 20:53

iptables

  • These rules assume that $LEFTNET is the local network (the one behind $LANDEV) and that $RIGHTNET is the remote network reached through the tunnel on $WANDEV.
<syntaxhighlight lang="bash">
# Shell variables set beforehand: $WANDEV/$LANDEV (WAN/LAN interface),
# $LEFTNET (own network), $RIGHTNET (remote network behind the peer).
# IKE (UDP 500) and NAT-T (UDP 4500): INPUT matches on -i, OUTPUT on -o
iptables -A INPUT  -i $WANDEV -p udp -m multiport --dports 500,4500 -j ACCEPT
iptables -A OUTPUT -o $WANDEV -p udp -m multiport --dports 500,4500 -j ACCEPT
# ESP on the wire (without NAT-T; with NAT-T, ESP travels inside UDP 4500)
iptables -A INPUT  -i $WANDEV -p esp -j ACCEPT
iptables -A OUTPUT -o $WANDEV -p esp -j ACCEPT
# Forward only packets IPsec has decrypted (dir in) or will encrypt (dir out)
iptables -A FORWARD -i $WANDEV -o $LANDEV -m policy --dir in  --pol ipsec -j ACCEPT
iptables -A FORWARD -i $LANDEV -o $WANDEV -m policy --dir out --pol ipsec -j ACCEPT
# Keep tunnel traffic out of DNAT/MASQUERADE; these must precede those rules (-I if they exist)
iptables -t nat -A PREROUTING  -i $WANDEV -s $RIGHTNET -j RETURN
iptables -t nat -A POSTROUTING -s $LEFTNET -o $WANDEV -d $RIGHTNET -j RETURN
</syntaxhighlight>

nftables
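The wiki's nftables section is empty in this revision. The ruleset below is an added example, not the page's own content: it expresses the iptables rules from the section above as an nftables ruleset. The table name ipsec_fw, the chain names, the interface names eth0/eth1, the two networks, the drop policies and the ct state rules are assumptions for illustration and must be adapted to the host. The `meta ipsec` and `rt ipsec` matches (the counterparts of `-m policy --dir in/out --pol ipsec`) need nftables 0.9.1 or newer and a 4.20 or newer kernel.

```nft
# Added example (not part of the wiki page): the iptables rules above as an
# nftables ruleset. Defines below are placeholder assumptions; adjust them.
define WANDEV   = eth0
define LANDEV   = eth1
define LEFTNET  = 192.168.1.0/24    # own network behind $LANDEV (assumed)
define RIGHTNET = 192.168.2.0/24    # remote network behind the peer (assumed)

table ip ipsec_fw {
    chain input {
        type filter hook input priority filter; policy drop;
        iif lo accept
        ct state established,related accept
        # IKE (500) and NAT-T (4500), only on the WAN side
        iifname $WANDEV udp dport { 500, 4500 } accept
        # ESP on the wire (without NAT-T; with NAT-T, ESP is inside UDP 4500)
        iifname $WANDEV ip protocol esp accept
    }

    chain output {
        type filter hook output priority filter; policy accept;
        oifname $WANDEV udp dport { 500, 4500 } accept
        oifname $WANDEV ip protocol esp accept
    }

    chain forward {
        type filter hook forward priority filter; policy drop;
        ct state established,related accept
        # packets IPsec has already decrypted (iptables: -m policy --dir in --pol ipsec)
        iifname $WANDEV oifname $LANDEV meta ipsec exists ip saddr $RIGHTNET ip daddr $LEFTNET accept
        # packets IPsec will encrypt on the way out (iptables: --dir out)
        iifname $LANDEV oifname $WANDEV rt ipsec exists ip saddr $LEFTNET ip daddr $RIGHTNET accept
    }

    # "return" in a base chain applies the chain policy (accept here), i.e. no NAT
    # for the matched packets; keep these rules ahead of any dnat/masquerade rule
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        iifname $WANDEV ip saddr $RIGHTNET return
        # dnat rules for port forwarding would follow here
    }

    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        ip saddr $LEFTNET ip daddr $RIGHTNET oifname $WANDEV return
        oifname $WANDEV masquerade
    }
}
```

Load it with `nft -f <file>` and check the result with `nft list table ip ipsec_fw`. Whether the forward rules actually match depends on the kernel's IPsec policies being in place; `ip xfrm policy` shows the SPD, and a tunnel whose policies are missing will see its plaintext dropped by the forward chain rather than leaked, which is the intended behaviour of the policy match.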