Security (III.6) IPSec - Firewall Rules

# Two different VPN solutions:
# 1. ppp over ssh
add 1002 allow all from any to any via tun1
# 2. IPSec
add 1003 allow udp from any to 192.168.43.1 isakmp  # Key exchange
add 1003 allow udp from 192.168.43.1 to any isakmp
add 1003 allow esp from any to 192.168.43.1  # Encrypted packets
add 1003 allow esp from 192.168.43.1 to any
add 1003 allow ipencap from any to 192.168.43.1
add 1003 allow ipencap from 192.168.43.1 to any
add 1004 allow all from any to any via gif0  # gif0 is inside the VPN

# Wireless. Untrusted. Still allow a few connections
add 1010 allow tcp from any to 192.168.0.0/16 ssh, http, auth, domain in via ath0 setup keep-state
add 1010 allow udp from any to any bootps, bootpc, domain in via ath0 keep-state

# Ping and various other ICMP stuff
add 4000 allow icmp from any to any icmptypes 0,3,8,11,12,13,14

# Block the rest.
add 8000 unreach port log { tcp or udp } from any to any
add 8000 deny all from any to any
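
Added example (not part of the original slide): a simplified first-match model of the rules above, used to check which packets the ruleset admits, including IPsec NAT traversal on UDP 4500, which no rule covers. The packet fields, the `em0` interface and the sample addresses are constructed; `setup`/`keep-state` tracking is not modelled, only the first packet of a flow is judged.

```python
from ipaddress import ip_address, ip_network

GW = "192.168.43.1"                  # VPN gateway address from the rules
LAN = ip_network("192.168.0.0/16")   # destination network of rule 1010

def gw(p):       # packet is addressed to or sent by the gateway
    return GW in (p["src"], p["dst"])

def wifi_in(p):  # ipfw "in via ath0"
    return p["via"] == "ath0" and p["dir"] == "in"

# (rule number, action, predicate) in ruleset order; isakmp=500, ssh=22,
# http=80, auth=113, domain=53, bootps=67, bootpc=68 as in /etc/services.
RULES = [
    (1002, "allow", lambda p: p["via"] == "tun1"),
    (1003, "allow", lambda p: p["proto"] == "udp" and p["dport"] == 500 and gw(p)),
    (1003, "allow", lambda p: p["proto"] in ("esp", "ipencap") and gw(p)),
    (1004, "allow", lambda p: p["via"] == "gif0"),
    (1010, "allow", lambda p: p["proto"] == "tcp" and wifi_in(p)
        and p["dport"] in (22, 80, 113, 53) and ip_address(p["dst"]) in LAN),
    (1010, "allow", lambda p: p["proto"] == "udp" and wifi_in(p)
        and p["dport"] in (67, 68, 53)),
    (4000, "allow", lambda p: p["proto"] == "icmp"
        and p["icmptype"] in (0, 3, 8, 11, 12, 13, 14)),
    (8000, "unreach port", lambda p: p["proto"] in ("tcp", "udp")),
    (8000, "deny", lambda p: True),
]

def pkt(proto, src, dst, dport=None, via="em0", dir="in", icmptype=None):
    """Build a constructed sample packet; em0 is a hypothetical wired NIC."""
    return dict(proto=proto, src=src, dst=dst, dport=dport,
                via=via, dir=dir, icmptype=icmptype)

def verdict(p):
    """Return (rule number, action) of the first rule that matches."""
    for num, action, match in RULES:
        if match(p):
            return num, action

if __name__ == "__main__":
    samples = {  # constructed test traffic
        "IKE to gateway": pkt("udp", "203.0.113.9", GW, dport=500),
        "ESP to gateway": pkt("esp", "203.0.113.9", GW),
        "NAT-T (udp/4500) to gateway": pkt("udp", "203.0.113.9", GW, dport=4500, via="ath0"),
        "ESP to another host": pkt("esp", "203.0.113.9", "192.168.43.7"),
        "ssh from wireless to LAN": pkt("tcp", "192.168.5.20", "192.168.1.10", dport=22, via="ath0"),
    }
    for name, p in samples.items():
        print(f"{name:30} -> {verdict(p)}")
```

A peer behind NAT that switches IKE to UDP 4500 ends at rule 8000 with this ruleset, so it shows up in the `log` output of that rule rather than as an established tunnel.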