blog:linux:nftables_demystifying_ipsec_expressions
Differences
blog:linux:nftables_demystifying_ipsec_expressions [2022-06-06] – fixed typo Andrej Stender | blog:linux:nftables_demystifying_ipsec_expressions [2022-08-07] (current) – activated TOC Andrej Stender | ||
---|---|---|---|
Line 4: | Line 4: | ||
date created = 2022-01-30 | date created = 2022-01-30 | ||
~~ | ~~ | ||
- | |||
- | ~~NOTOC~~ | ||
In this article I like to take a look at the expressions provided by Nftables for matching IPsec-related network packets. The common situation is that you need to distinguish packets from normal traffic, which either have been received through a VPN tunnel and already have been decrypted or packets which are to be sent out on a VPN tunnel, but have not been encrypted yet. Those kind of packets can be matched by these expressions within packet filtering rules. I'll explain how these expressions work, what they use as back-end, what their limitations are and how you can use them to get your intended behavior. Further, I take a short glimpse at the Iptables equivalent of these expressions. | In this article I like to take a look at the expressions provided by Nftables for matching IPsec-related network packets. The common situation is that you need to distinguish packets from normal traffic, which either have been received through a VPN tunnel and already have been decrypted or packets which are to be sent out on a VPN tunnel, but have not been encrypted yet. Those kind of packets can be matched by these expressions within packet filtering rules. I'll explain how these expressions work, what they use as back-end, what their limitations are and how you can use them to get your intended behavior. Further, I take a short glimpse at the Iptables equivalent of these expressions. | ||
Line 176: | Line 174: | ||
* [[https:// | * [[https:// | ||
- | //published 2022-01-30//, | + | //published 2022-01-30//, |
blog/linux/nftables_demystifying_ipsec_expressions.1654531140.txt.gz · Last modified: 2022-06-06 by Andrej Stender