[Swan] How to recognize an HTTP request that passes through the IPSec channel?

Lennart Sorensen lsorense at csclub.uwaterloo.ca
Sun May 29 18:32:04 UTC 2016


On Sun, May 29, 2016 at 02:13:19PM -0400, Paul Wouters wrote:
> You can limit the tunnel to only allow port 80 traffic using leftprotoport=tcp/80 and rightprotoport=tcp/0
> 
> But then you still need to be sure unencrypted traffic is blocked if that's what you want to happen.

And of course HTTP traffic on a different port won't work.  That would
require a much more advanced way to recognize the protocol, and in fact
iptables may be the right tool for that.

-- 
Len Sorensen
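As an added example (not part of this thread or of libreswan itself), a POSIX shell script that renders the iptables side of Paul's point: with the conn restricted to leftprotoport=tcp/80, accept TCP/80 on the server only when the packet was decapsulated from an IPsec SA (iptables' policy match) and drop any cleartext copy. The peer address, the port variable and the ordering check are my own assumptions; the script prints the ruleset for iptables-restore instead of applying it.

```shell
#!/bin/sh
# Added example: emit an iptables-restore fragment that only lets HTTP in
# through the IPsec tunnel. Pairs with a libreswan conn using
# leftprotoport=tcp/80 (this host) and rightprotoport=tcp/0 (the peer).

WEB_PORT=80                 # port named in leftprotoport=tcp/80
PEER_ADDR="192.0.2.10"      # constructed: the right/remote peer address

# render_rules PORT PEER -> prints the *filter table fragment on stdout.
# Rule order matters: the ipsec ACCEPT must precede the cleartext DROP.
render_rules() {
    port="$1"; peer="$2"
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# IKE and ESP from the peer carry and negotiate the tunnel itself
-A INPUT -s ${peer} -p udp --dport 500 -j ACCEPT
-A INPUT -s ${peer} -p udp --dport 4500 -j ACCEPT
-A INPUT -s ${peer} -p esp -j ACCEPT
# HTTP is accepted only if the kernel decapsulated it from an IPsec SA
-A INPUT -p tcp --dport ${port} -m policy --dir in --pol ipsec --proto esp -j ACCEPT
# Anything else reaching the web port arrived in cleartext: log, then drop
-A INPUT -p tcp --dport ${port} -m policy --dir in --pol none -j LOG --log-prefix "cleartext-http: "
-A INPUT -p tcp --dport ${port} -j DROP
COMMIT
EOF
}

# check_rules RULESET -> exit 0 when an "--pol ipsec ... ACCEPT" line exists
# and a cleartext "--dport ... DROP" line comes after it (assumed check).
check_rules() {
    printf '%s\n' "$1" | awk '
        /--pol ipsec/ && /-j ACCEPT/ { acc = NR }
        /--dport/ && /-j DROP/       { drop = NR }
        END { exit !(acc && drop && acc < drop) }'
}

RULES="$(render_rules "$WEB_PORT" "$PEER_ADDR")"
check_rules "$RULES" || { echo "rule order is wrong" >&2; exit 1; }
printf '%s\n' "$RULES"
```

Load the output with `iptables-restore < file` on the server; the policy match needs the xfrm policy to be in place, which is exactly what the libreswan conn installs.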

