Bringing up an IPSec tunnel and iptables won't help, because if I can guess your RSA key then I can get inside the tunnel.

dude from bmi