Subject: fwd: Order of SPD evaluation in ipsec
To: None <tech-crypto@netbsd.org>
From: Christoph Kaegi <kgc@zhwin.ch>
List: tech-crypto
Date: 05/09/2001 16:07:08
> >I am setting up two NetBSD 1.5 boxes which tunnel and
> >(ESP) encrypt traffic like follows:
> (snip)
> >I have successfully set up the systems, traffic gets
> >encrypted between the boxes.
> >But how can I drop all packets on the boxes which
> >aren't from or to Net[1234]?
> >I tried with additional SPD entries like:
> >   # disallow everything else
> >   spdadd Net1 0.0.0.0/0 any -P out discard ;
> >   spdadd 0.0.0.0/0 Net1 any -P in discard;
> >... at the *end* of my /etc/ipsec.conf.
> >This doesn't work. (No connection at all anymore)
> 
>         SPD entry works like packet filters - first one that matches will
>         decide the behavior.
> 
> itojun


Thank you for the fast answer.

I was able to make it work as I want now.
(I had to specify some more 'allow' rules before denying
 everything else.)

Chris

-- 
----------------------------------------------------------------------
Christoph Kaegi                                           kgc@zhwin.ch
----------------------------------------------------------------------
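An ordering that follows itojun's first-match rule, added here as an illustration and not Chris's actual ipsec.conf (the thread snips the real topology): the addresses are constructed, and the gateway-to-gateway "none" entries are an assumption about which extra allow rules a catch-all discard would otherwise break.

```conf
# /etc/ipsec.conf on the Net1-side gateway (constructed example).
# Assumed: Net1 = 10.1.0.0/16 behind gateway 192.0.2.1,
#          Net2 = 10.2.0.0/16 behind gateway 192.0.2.2.
# The same pattern repeats for Net3/Net4; the SPD is walked top to bottom
# and the first matching entry decides, so all allows must come before
# the final discard.
flush;
spdflush;

# 1. Tunnel policies first: traffic between the protected nets must be
#    ESP-tunnelled between the two gateways.
spdadd 10.1.0.0/16 10.2.0.0/16 any -P out ipsec esp/tunnel/192.0.2.1-192.0.2.2/require;
spdadd 10.2.0.0/16 10.1.0.0/16 any -P in  ipsec esp/tunnel/192.0.2.2-192.0.2.1/require;

# 2. Explicitly pass the gateway-to-gateway traffic that carries the tunnel
#    (the ESP packets themselves, and IKE on udp/500 if a keying daemon is
#    used). Assumption: without these, the blanket discard below swallows it.
spdadd 192.0.2.1 192.0.2.2 esp -P out none;
spdadd 192.0.2.2 192.0.2.1 esp -P in  none;
spdadd 192.0.2.1[500] 192.0.2.2[500] udp -P out none;
spdadd 192.0.2.2[500] 192.0.2.1[500] udp -P in  none;

# 3. Only now the catch-all from the original question: anything from or to
#    Net1 that no entry above matched is dropped.
spdadd 10.1.0.0/16 0.0.0.0/0 any -P out discard;
spdadd 0.0.0.0/0 10.1.0.0/16 any -P in  discard;
```

Load it with `setkey -f /etc/ipsec.conf` and confirm the resulting order with `setkey -DP`; if the discard entries are listed before the tunnel entries, the policies were added in the wrong order.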