[Swan] How to recognize an HTTP request that passes through the IPSec channel?

Lennart Sorensen lsorense at csclub.uwaterloo.ca
Sun May 29 18:32:04 UTC 2016

On Sun, May 29, 2016 at 02:13:19PM -0400, Paul Wouters wrote:
> You can limit the tunnel to only allow port 80 traffic using leftprotoport=tcp/80 and rightprotoport=tcp/0
> But then you still need to be sure unencrypted traffic is blocked if that's what you want to happen.

And of course HTTP traffic on a different port won't work.  That would
require a much more advanced way to recognize the protocol, and in fact
iptables may in fact be the right tool for that.

Len Sorensen

More information about the Swan mailing list