From: "Ari Suutari"
To: "Andre Oppermann"
Cc: "Bjoern A. Zeeb", freebsd-net@freebsd.org
Subject: Re: (review request) ipfw and ipsec processing order for outgoing packets
Date: Mon, 13 Dec 2004 12:29:07 +0200

Hi,

> All I intend to provide is a way to specify whether you want IPSEC before
> or after pfil_hooks. By default it will be as it is today and work exactly
> the same.

OK, this sounds like a good step. Maybe the next step could be a third choice
like 'both before and after' for us who are perhaps over-concerned about
security?

Ari S.