Date: Wed, 25 Oct 2000 09:42:31 -0700
From: Kris Kennaway <kris@citusc17.usc.edu>
To: Andrey Rouskol <anry@sovintel.ru>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: ipsec and ipfw
Message-ID: <20001025094231.A51227@citusc17.usc.edu>
In-Reply-To: <Pine.BSF.4.21.0010251922330.7779-100000@anry.sovintel.ru>; from anry@sovintel.ru on Wed, Oct 25, 2000 at 07:32:58PM +0400
References: <Pine.BSF.4.21.0010251922330.7779-100000@anry.sovintel.ru>

On Wed, Oct 25, 2000 at 07:32:58PM +0400, Andrey Rouskol wrote:

> I've found that in -current outgoing ipsec-packets (esp, ah) pass
> without being filtered by ipfw and incoming deencapsulated traffic is not
> filtered by ipfw too. So telnet connection over ipsec with stateful
> filtering is dropped in 20 seconds (which is dyn_syn_lifetime). All tests
> were made in 'transport' mode. Is this normal?

Please show us your ipsec configuration and ipfw rules.

Kris