Date: Wed, 15 Jan 2003 23:24:52 -0500
From: "Ben Pfountz" <netprince@vt.edu>
To: <freebsd-mobile@FreeBSD.ORG>
Subject: Re: Requireing IPsec on wi interface?
Message-ID: <002501c2bd17$36ebdd80$6511a8c0@benspiece>

Hey list,

Just to close out my thread, here is what I found dealing with forcing IPsec on a network interface with FreeBSD 4.7-STABLE or later...

IPsec packets can be separated from clear packets at the layer2 level in the firewall. Once they get up to the higher levels, the esp flag cannot be used to separate clear from encrypted packets.

This is an example of how to block all non-IPsec packets coming in on an interface:

    allow all esp from any to any in via wi0 layer2
    deny all not esp from any to any in via wi0 layer2
    allow all from any to any in via wi0 not layer2

You will need IPFW2, so read the IPFW man page on how to build it into your system.

Ben
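
An added example, not part of the original message and not ipfw's own code: a simplified Python model of how the three rules above are evaluated, for checking the ruleset against constructed packets. It assumes layer2 filtering is enabled so that each IPv4 packet is checked once at layer2 and once at the IP level, that the first matching rule wins, and that packets matching none of the three rules fall to a default action; non-IP frames and IPsec decapsulation are not modelled, and the interface name fxp0 is constructed.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    proto: Optional[str]   # None stands for "all"
    negate_proto: bool     # True for "not <proto>"
    direction: str         # "in" or "out"
    iface: str
    layer2: bool           # True: "layer2", False: "not layer2"


# The three rules from the message, in the order given.
RULES = [
    Rule("allow", "esp", False, "in", "wi0", True),
    Rule("deny", "esp", True, "in", "wi0", True),
    Rule("allow", None, False, "in", "wi0", False),
]


def check(rules, proto, direction, iface, at_layer2, default):
    """One pass over the ruleset; the first matching rule decides."""
    for r in rules:
        if (r.layer2, r.direction, r.iface) != (at_layer2, direction, iface):
            continue
        # Skip when the protocol test (after optional negation) fails.
        if r.proto is not None and (r.proto == proto) == r.negate_proto:
            continue
        return r.action
    return default  # nothing matched: the ruleset's default rule applies


def verdict(proto, direction, iface, default="deny", rules=RULES):
    """A packet is accepted only if both the layer2 and IP-level pass accept it."""
    for at_layer2 in (True, False):
        if check(rules, proto, direction, iface, at_layer2, default) == "deny":
            return "deny"
    return "allow"


if __name__ == "__main__":
    # Constructed sample packets: (protocol, direction, interface).
    for pkt in [("esp", "in", "wi0"), ("tcp", "in", "wi0"),
                ("tcp", "out", "wi0"), ("tcp", "in", "fxp0")]:
        print(pkt, verdict(*pkt), verdict(*pkt, default="allow"))
```

Outbound traffic on wi0 and all traffic on other interfaces match none of the three rules, so their fate depends entirely on the rest of the ruleset and its default rule.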