
keep ipsecstate

Description

Enables stateful firewalling by temporarily opening a port for incoming traffic when an outgoing packet matches the specified rule. With the keep ipsecstate keyword, the firewall tracks the state of a connection based on the use of encryption by IPsec. For outgoing packets, if encryption is in use, the VPN gateway address is stored in the firewall state entry. For incoming packets, the packet must be issued from the same VPN gateway before it is forwarded to the destination.
Keeping state applies the block or pass decision to a new connection as a whole. If the new connection is allowed, all of its packets are passed in both directions. If the new connection is blocked, all of its packets are blocked in both directions.

Synopsis

{block | pass} {in | out} {to | from} address_scope keep ipsecstate
address_scope can be a unique IP address, an address space, or the keywords !, all, me, or any.
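
The following is an added example, not code from the product: a simplified Python model of the state tracking described under Description for a `pass out ... keep ipsecstate` rule. The names `Packet`, `IpsecStateTable` and `demo` are hypothetical. The flow key, the handling of unencrypted outgoing packets and the blocking of unmatched incoming packets are assumptions, and all addresses are constructed.

```python
# Simplified model of "keep ipsecstate" (illustration only, not product code).
# Assumptions: flows are keyed by (protocol, local endpoint, remote endpoint);
# an unencrypted outgoing packet is passed but creates no state entry;
# an incoming packet with no matching state entry is blocked.
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    direction: str                 # "out" or "in"
    proto: str
    local: tuple                   # (address, port) on the protected host
    remote: tuple                  # (address, port) of the peer
    ipsec_gateway: Optional[str]   # VPN gateway handling the packet, or None


class IpsecStateTable:
    def __init__(self):
        self._state = {}           # flow key -> VPN gateway address

    def handle(self, pkt):
        """Return 'pass' or 'block' for one packet."""
        key = (pkt.proto, pkt.local, pkt.remote)
        if pkt.direction == "out":
            if pkt.ipsec_gateway is not None:
                # Encryption in use: store the gateway in the state entry.
                self._state[key] = pkt.ipsec_gateway
            return "pass"
        expected = self._state.get(key)
        if expected is None:
            return "block"         # no outgoing packet opened this flow
        # The reply must be issued from the gateway recorded on the way out.
        return "pass" if pkt.ipsec_gateway == expected else "block"


def demo():
    fw = IpsecStateTable()
    host, peer = ("10.0.0.5", 40000), ("192.0.2.10", 443)  # constructed
    return [
        fw.handle(Packet("out", "tcp", host, peer, "198.51.100.1")),
        fw.handle(Packet("in", "tcp", host, peer, "198.51.100.1")),  # same gateway
        fw.handle(Packet("in", "tcp", host, peer, "203.0.113.9")),   # other gateway
        fw.handle(Packet("in", "tcp", host, peer, None)),            # not via IPsec
        fw.handle(Packet("in", "tcp", host, ("192.0.2.99", 443), "198.51.100.1")),
    ]
```

Only the second packet in `demo()` is a reply from the recorded gateway on the recorded flow; the three incoming packets after it are blocked.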