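# FORWARD-chain policy: drop everything by default, then permit return
# traffic and new Telnet sessions that go from eth0 into ipsec0.
# The three commands must run as separate invocations, one per line.

# Default-deny: a forwarded packet that matches no rule below is dropped.
iptables -P FORWARD DROP

# Accept packets that belong to, or are related to, a connection that was
# already accepted. The state list must follow the --state option; without
# it iptables rejects the rule, and replies would fall through to the DROP
# policy.
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

# Accept new TCP connections to port 23 (Telnet) only when they arrive on
# eth0 and leave through ipsec0. Telnet itself is cleartext, so the session
# is protected only while it is inside the tunnel behind ipsec0.
# NOTE(review): the rule does not restrict source or destination address;
# add -s/-d if only specific hosts should be reachable. Confirm against the
# intended policy.
iptables -A FORWARD -p tcp --dport 23 -m state --state NEW -i eth0 -o ipsec0 -j ACCEPT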