Date: Tue, 15 Jan 2002 16:39:25 +0100
From: Alex Le Heux
To: Ari Suutari
Cc: Rene de Vries, Kshitij Gunjikar, net@FreeBSD.ORG
Subject: Re: Filtering packets received through an ipsec tunnel

On Tue, Jan 15, 2002 at 01:34:29PM +0100, Alex Le Heux wrote:
> >
> > But doesn't ipsec stack already take care of this? I think (hope)
> > that it doesn't process the packet if it is coming from wrong tunnel
> > because the packet does not match the policy.
>
> I'm not sure if it actually drops 'wrong' packets coming from the tunnel.
> I'll see if I have some time soon to look into it.

Sorry for replying to my own mail...

It seems to do something like it, see sysctl net.inet.ipsec.def_policy in
ipsec(4). It's not exactly the same though and certainly doesn't give very
fine-grained control. Although I can't really think of any situations that
one can't cover this way.

Regards,

Alex Le Heux

--
Happiness is a side effect of doing something that's got
nothing to do with it, baby.
- Bootsy Collins