Current File: /etc/inet/ipsecinit.sample
#
# Copyright (c) 2001, 2011, Oracle and/or its affiliates. All rights reserved.
#
# This is a sample IPsec configuration file. To configure IPsec policy
# modify this file and copy it to /etc/inet/ipsecinit.conf. The policy won't
# be activated until the IPsec policy service is restarted:
#
# svcadm restart svc:/network/ipsec/policy:default
#
# The file contains only IPsec policy directives. Any policy rule that
# uses encryption (encr_algs ..) and/or authentication (encr_auth_algs ... or
# auth_algs ...) will require keying material to operate. The recommended way
# of providing keying material for IPsec is to configure IKE. See ike.config(4)
# for more details or /etc/inet/ike/config.sample for a simple example.
#
# In the following simple example, outbound network traffic between the local
# host and a remote host will be encrypted. Inbound network traffic between
# these addresses is required to be encrypted as well.
#
# This example assumes that 10.0.0.1 is the IPv4 address of this host (laddr)
# and 10.0.0.2 is the IPv4 address of the remote host (raddr).
#

{laddr 10.0.0.1 raddr 10.0.0.2} ipsec
	{encr_algs aes encr_auth_algs sha256 sa shared}

# The policy syntax supports IPv4 and IPv6 addresses as well as symbolic names.
# Refer to the ipsecconf(1M) man page for warnings on using symbolic names and
# many more examples, configuration options and supported algorithms.
#
# The remote host will also need an IPsec (and IKE) configuration that mirrors
# this one.
#
# The following line will allow ssh(1) traffic to pass without IPsec protection:

{lport 22 dir both} bypass {}

#
# {laddr 10.0.0.1 dir in} drop {}
#
# Uncommenting the above line will drop all network traffic to this host unless
# it matches the rules above. Leaving this rule commented out will allow
# network packets that do not match the above rules to pass up the IP
# network stack.
#
# The ipsecconf(1M) man page describes rule precedence.
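The comments above say that rules using encr_algs or auth_algs need keying material, and that the remote host needs a policy that mirrors this one. The following Python is an added illustration, not part of this sample file or of the ipsecconf(1M) tooling: it parses only the brace-delimited "{pattern} action {properties}" subset shown here (not the full ipsecconf grammar), flags the rules that require IKE, and derives the peer's mirrored policy by swapping laddr/raddr and lport/rport and flipping dir in/out. The mirroring table and the sample policy text are constructed for this example.

```python
import re
from dataclasses import dataclass

# Constructed input: the two active rules from this sample file, including
# the tab-continued second line of the first rule and the commented-out drop.
SAMPLE_CONF = """\
# sample policy
{laddr 10.0.0.1 raddr 10.0.0.2} ipsec
\t{encr_algs aes encr_auth_algs sha256 sa shared}

{lport 22 dir both} bypass {}

# {laddr 10.0.0.1 dir in} drop {}
"""

# One rule of the subset handled here: {pattern} action {properties}
RULE_RE = re.compile(r"\{([^}]*)\}\s*(\w+)\s*\{([^}]*)\}")

# Property keys whose presence means the rule needs keying material (IKE).
KEYED_PROPS = ("encr_algs", "encr_auth_algs", "auth_algs")

# Hypothetical mirroring table: "local" on this host is "remote" on the peer,
# and inbound/outbound flip; "both" stays "both".
SWAP_KEYS = {"laddr": "raddr", "raddr": "laddr", "lport": "rport", "rport": "lport"}
SWAP_DIR = {"in": "out", "out": "in", "both": "both"}


@dataclass
class Rule:
    pattern: dict     # e.g. {"laddr": "10.0.0.1", "raddr": "10.0.0.2"}
    action: str       # ipsec, bypass, drop, ...
    properties: dict  # e.g. {"encr_algs": "aes", "sa": "shared"}


def _pairs(text):
    """'k1 v1 k2 v2' -> {'k1': 'v1', 'k2': 'v2'}; empty text -> {}."""
    toks = text.split()
    if len(toks) % 2:
        raise ValueError(f"unbalanced key/value list: {text!r}")
    return dict(zip(toks[0::2], toks[1::2]))


def parse_policy(text):
    """Parse the brace-delimited subset; '#' comments and line breaks are ignored."""
    body = " ".join(line.split("#", 1)[0] for line in text.splitlines())
    rules, pos = [], 0
    for m in RULE_RE.finditer(body):
        leftover = body[pos:m.start()].strip()
        if leftover:
            raise ValueError(f"unparsed text before rule: {leftover!r}")
        rules.append(Rule(_pairs(m.group(1)), m.group(2), _pairs(m.group(3))))
        pos = m.end()
    if body[pos:].strip():
        raise ValueError(f"trailing unparsed text: {body[pos:].strip()!r}")
    return rules


def needs_keying(rule):
    """True when the rule applies IPsec with algorithms, so IKE or manual keys are required."""
    return rule.action == "ipsec" and any(k in rule.properties for k in KEYED_PROPS)


def mirror_rule(rule):
    """Rewrite a rule from the peer's point of view (local<->remote, in<->out)."""
    pattern = {}
    for k, v in rule.pattern.items():
        if k == "dir":
            pattern[k] = SWAP_DIR[v]
        else:
            pattern[SWAP_KEYS.get(k, k)] = v
    return Rule(pattern, rule.action, dict(rule.properties))


def format_rule(rule):
    """Render a Rule back into the one-line {pattern} action {properties} form."""
    pat = " ".join(f"{k} {v}" for k, v in rule.pattern.items())
    props = " ".join(f"{k} {v}" for k, v in rule.properties.items())
    return f"{{{pat}}} {rule.action} {{{props}}}"


def peer_policy(text):
    """Return the mirrored policy text the remote host would need."""
    return "\n".join(format_rule(mirror_rule(r)) for r in parse_policy(text))


if __name__ == "__main__":
    for r in parse_policy(SAMPLE_CONF):
        print(f"{format_rule(r):75} keying required: {needs_keying(r)}")
    print("\nPeer policy:")
    print(peer_policy(SAMPLE_CONF))
```

Running it shows the ipsec rule flagged as needing keying material and the bypass rule not, and prints the peer's policy with the addresses swapped, which is the shape of the mirrored configuration the comments above ask for on the remote host.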