Date: Fri, 13 Jun 2003 01:10:10 +0100 From: Bruce M Simpson <bms@spc.org> To: Justin <justin@othius.com> Cc: freebsd-security@FreeBSD.ORG Subject: Re: Impossible to IPfilter this? Message-ID: <20030613001010.GA9463@spc.org> In-Reply-To: <20030612180120.B54558@ike.othius.com> References: <20030607111540.GC4812@lupe-christoph.de> <20030612132138.A26888@shell.gsinet.sittig.org> <20030612184124.GD26930@lupe-christoph.de> <20030612180120.B54558@ike.othius.com>
next in thread | previous in thread | raw e-mail | index | archive | help
There's a hack for this in -CURRENT: # # Set IPSEC_FILTERGIF to force packets coming through a gif tunnel # to be processed by any configured packet filtering (ipfw, ipf). # The default is that packets coming from a tunnel are _not_ processed; # they are assumed trusted. # # Note that enabling this can be problematic as there are no mechanisms # in place for distinguishing packets coming out of a tunnel (e.g. no # encX devices as found on openbsd). # #options IPSEC_FILTERGIF #filter ipsec packets from a tunnel BMS
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030613001010.GA9463>