author | Andreas Steffen <andreas.steffen@strongswan.org> | 2013-06-29 00:07:15 +0200 |
---|---|---|
committer | Andreas Steffen <andreas.steffen@strongswan.org> | 2013-06-29 00:07:15 +0200 |
commit | b1f1e5e5f27c484d2864bb82a72af634124c7310 (patch) | |
tree | 6b3b7c6dbeedfef5b572b88659eab06207dd27d6 /testing/tests/openssl-ikev2/rw-suite-b-192/hosts/moon/etc/iptables.rules | |
parent | b1b0cce396a039bc7cbd6a5203cf51ac688fb089 (diff) | |
5.1.0 changes for test cases
Diffstat (limited to 'testing/tests/openssl-ikev2/rw-suite-b-192/hosts/moon/etc/iptables.rules')
-rw-r--r-- | testing/tests/openssl-ikev2/rw-suite-b-192/hosts/moon/etc/iptables.rules | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/moon/etc/iptables.rules b/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/moon/etc/iptables.rules
new file mode 100644
index 000000000..cc12d1659
--- /dev/null
+++ b/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/moon/etc/iptables.rules
@@ -0,0 +1,32 @@
+*filter
+
+# default policy is DROP
+-P INPUT DROP
+-P OUTPUT DROP
+-P FORWARD DROP
+
+# allow esp
+-A INPUT -i eth0 -p 50 -j ACCEPT
+-A OUTPUT -o eth0 -p 50 -j ACCEPT
+
+# allow IKE
+-A INPUT -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT
+-A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT
+
+# allow MobIKE
+-A INPUT -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT
+-A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT
+
+# allow ssh
+-A INPUT -p tcp --dport 22 -j ACCEPT
+-A OUTPUT -p tcp --sport 22 -j ACCEPT
+
+# allow crl fetch from winnetou
+-A INPUT -i eth0 -p tcp --sport 80 -s 192.168.0.150 -j ACCEPT
+-A OUTPUT -o eth0 -p tcp --dport 80 -d 192.168.0.150 -j ACCEPT
+
+# allow traffic tunnelled via IPsec
+-A FORWARD -i eth0 -o eth1 -m policy --dir in --pol ipsec --proto esp -j ACCEPT
+-A FORWARD -o eth0 -i eth1 -m policy --dir out --pol ipsec --proto esp -j ACCEPT
+
+COMMIT |
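Review bot: The return-path rule under `# allow crl fetch from winnetou` is stateless, so `-A INPUT -i eth0 -p tcp --sport 80 -s 192.168.0.150 -j ACCEPT` admits any TCP segment from that address with source port 80 to any local port on moon, not only replies to moon's own CRL requests. If connection tracking is available on the test hosts, tying the rule to state would keep the fetch working while narrowing it to reply traffic: `-A INPUT -i eth0 -p tcp --sport 80 -s 192.168.0.150 -m conntrack --ctstate ESTABLISHED -j ACCEPT`. The ssh pair has no `-i` match and is therefore accepted on every interface, presumably on purpose for the test harness; a comment such as `# ssh is left open on all interfaces for the test framework` would make that explicit. The `# allow MobIKE` comment could read `# allow NAT-T and MOBIKE`, since UDP 4500 carries both.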