Date: Sun, 13 Aug 2006 17:30:50 +0100 (BST) From: Robert Watson <rwatson@FreeBSD.org> To: mal content <artifact.one@googlemail.com> Cc: freebsd-hackers@freebsd.org Subject: Re: Packet filtering on tap interfaces Message-ID: <20060813171432.C45647@fledge.watson.org> In-Reply-To: <8e96a0b90608120936q67a5365vcc97217b44a272c0@mail.gmail.com> References: <8e96a0b90608120936q67a5365vcc97217b44a272c0@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, 12 Aug 2006, mal content wrote: > Can tap interfaces reliably be filtered? Max has provided a detailed answer, but I wanted to answer a more general question here: a tap interface plugs into the normal kernel network interface and ethernet layers, and as such, packets sent and received over tap interfaces are processed entirely normally with respect to firewall services, etc. In general, if a network service, such as IPSEC or a firewall, would work for a physical interface, it will work for a tap interface. Robert N M Watson Computer Laboratory University of Cambridge
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060813171432.C45647>