strongswan/testing/tests/ikev2/host2host-transport-nat/hosts/sun/etc/iptables.rules

*filter

# default policy is DROP
-P INPUT DROP
-P OUTPUT DROP
-P FORWARD DROP

# allow IKE
-A INPUT  -i eth0 -p udp --dport 500 -j ACCEPT
-A OUTPUT -o eth0 -p udp --sport 500 -j ACCEPT

# allow MobIKE
-A INPUT  -i eth0 -p udp --dport 4500 -j ACCEPT
-A OUTPUT -o eth0 -p udp --sport 4500 -j ACCEPT

# allow ssh
-A INPUT  -p tcp --dport 22 -j ACCEPT
-A OUTPUT -p tcp --sport 22 -j ACCEPT

# allow crl fetch from winnetou
-A INPUT  -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT
-A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT

# allow ICMP
-A INPUT  -i eth0 -p icmp -j ACCEPT
-A OUTPUT -o eth0 -p icmp -j ACCEPT

COMMIT