Date: Sun, 23 Feb 2003 09:47:05 -0800 From: "Sam Leffler" <sam@errno.com> To: <stable@freebsd.org> Subject: iHEADS UP: ipsec packet filtering change Message-ID: <1a5401c2db63$945db690$52557f42@errno.com>
next in thread | raw e-mail | index | archive | help
This may affect your ipfw/ipf rules. If you are happy with the current
behaviour then add IPSEC_FILTERGIF to your kernel config file.
Sam
----- Original Message -----
From: "Sam Leffler" <sam@FreeBSD.org>
To: <src-committers@FreeBSD.org>; <cvs-src@FreeBSD.org>;
<cvs-all@FreeBSD.org>
Sent: Sunday, February 23, 2003 9:45 AM
Subject: cvs commit: src/sys/conf options src/sys/netinet ip_input.c
src/sys/i386/conf LINT
> sam 2003/02/23 09:45:29 PST
>
> Modified files: (Branch: RELENG_4)
> sys/conf options
> sys/netinet ip_input.c
> sys/i386/conf LINT
> Log:
> MFC: IPSEC_FILTERGIF config option
>
> Add a new config option IPSEC_FILTERGIF to control whether or not
> packets coming out of a GIF tunnel are re-processed by ipfw, et. al.
> By default they are not reprocessed. With the option they are.
>
> This reverts 1.214. Prior to that change packets were not re-processed.
> After they were which caused problems because packets do not have
> distinguishing characteristics (like a special network if) that allows
> them to be filtered specially.
>
> PR: 48159
> Reviewed by: Guido van Rooij <guido@gvr.org>
> Approved by: re (jhb, murray)
>
> Revision Changes Path
> 1.191.2.47 +1 -0 src/sys/conf/options
>
http://cvsweb.FreeBSD.org/src/sys/conf/options.diff?r1=1.191.2.46&r2=1.191.2
.47
> 1.749.2.136 +11 -0 src/sys/i386/conf/LINT
>
http://cvsweb.FreeBSD.org/src/sys/i386/conf/LINT.diff?r1=1.749.2.135&r2=1.74
9.2.136
> 1.130.2.48 +7 -0 src/sys/netinet/ip_input.c
>
http://cvsweb.FreeBSD.org/src/sys/netinet/ip_input.c.diff?r1=1.130.2.47&r2=1
.130.2.48
>
>
>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1a5401c2db63$945db690$52557f42>