Date: Wed, 25 Oct 2000 19:32:58 +0400 (MSD) From: Andrey Rouskol <anry@sovintel.ru> To: freebsd-security@freebsd.org Subject: ipsec and ipfw Message-ID: <Pine.BSF.4.21.0010251922330.7779-100000@anry.sovintel.ru>
next in thread | raw e-mail | index | archive | help
Hi ! I've found that in -current outgoing ipsec-packets (esp, ah) pass without been filtered by ipfw and incoming deencapsulated traffic is not filtered by ipfw too. So telnet connection over ipsec with statefull filtering is dropped in 20 seconds (which is dyn_syn_lifetime). All tests was made in 'transport' mode. Is this normal ? Regards, Andrey. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0010251922330.7779-100000>