Date:      Fri, 03 Jan 2003 18:21:31 +0100
From:      Eric Masson <e-masson@kisoft-services.com>
To:        Pekka Nikander <pekka.nikander@nomadiclab.com>
Cc:        freebsd-net@FreeBSD.ORG
Subject:   Re: IPsec / ipfw interaction in 4.7-STABLE: a proposed change
Message-ID:  <86fzsa87z8.fsf@notbsdems.nantes.kisoft-services.com>
In-Reply-To: <3E15604B.3040505@nomadiclab.com> (Pekka Nikander's message of "Fri, 03 Jan 2003 12:04:59 +0200")
References:  <3E144753.7020905@nomadiclab.com> <86k7hnz4hp.fsf@notbsdems.nantes.kisoft-services.com> <3E15604B.3040505@nomadiclab.com>

>>>>> "Pekka" == Pekka Nikander <pekka.nikander@nomadiclab.com> writes:

 Pekka> Well, IMHO the best way would be to have a separate interface
 Pekka> for each tunnel end point. That would allow most fine grained
 Pekka> control, and would be easiest to understand.

I was thinking of a virtual interface for each incoming tunnel
endpoint, nothing more.

The problem, as pointed out in another post, would be the numbering of these
interfaces (from a filtering point of view).

From a previous discussion in -security, a tunnel can be used in odd
ways, and mixing with routing isn't a good idea:
http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&selm=fa.llg8ghv.1l0skqv%40ifi.uio.no

Eric Masson

-- 
 70% of frjv are newbies? And once they no longer are, what do they
 do? Do they leave frjv because it's too crappy? Because if they stay
 and keep behaving the same way, they turn into dimwits.
 -+- XB in: <http://www.le-gnu.net> - You'll be a dimwit, my son -+-
