Thermalcircle.de

climbing the thermals


Differences

Previous revision: blog:linux:nftables_demystifying_ipsec_expressions [2022-06-06] – fixed typo – Andrej Stender
Current revision: blog:linux:nftables_demystifying_ipsec_expressions [2022-08-07] – activated TOC – Andrej Stender
Line 4: Line 4:
 date created = 2022-01-30 date created = 2022-01-30
 ~~ ~~
- 
-~~NOTOC~~ 
  
 In this article I like to take a look at the expressions provided by Nftables for matching IPsec-related network packets. The common situation is that you need to distinguish packets from normal traffic, which either have been received through a VPN tunnel and already have been decrypted or packets which are to be sent out on a VPN tunnel, but have not been encrypted yet. Those kind of packets can be matched by these expressions within packet filtering rules. I'll explain how these expressions work, what they use as back-end, what their limitations are and how you can use them to get your intended behavior. Further, I take a short glimpse at the Iptables equivalent of these expressions. In this article I like to take a look at the expressions provided by Nftables for matching IPsec-related network packets. The common situation is that you need to distinguish packets from normal traffic, which either have been received through a VPN tunnel and already have been decrypted or packets which are to be sent out on a VPN tunnel, but have not been encrypted yet. Those kind of packets can be matched by these expressions within packet filtering rules. I'll explain how these expressions work, what they use as back-end, what their limitations are and how you can use them to get your intended behavior. Further, I take a short glimpse at the Iptables equivalent of these expressions.
Line 176: Line 174:
   * [[https://ipset.netfilter.org/iptables-extensions.man.html|man iptables-extensions(8)]]   * [[https://ipset.netfilter.org/iptables-extensions.man.html|man iptables-extensions(8)]]
  
-//published 2022-01-30//, //last modified 2022-06-06//+//published 2022-01-30//, //last modified 2022-08-07//
  
  
  
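Review bot: the //last modified// date in this hunk is a hand-edited copy of information the wiki already records in its revision metadata and page footer; it agrees with the 2022-08-07 revision here, but a manually maintained date can silently drift from the real revision timestamp on a later edit, so consider relying on the automatic footer instead of keeping a second copy in the page text.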
blog/linux/nftables_demystifying_ipsec_expressions.1654531140.txt.gz · Last modified: 2022-06-06 by Andrej Stender