Date: Mon, 26 Jun 2006 09:10:09 -0400
From: Tom Rhodes
To: Giorgos Keramidas
Cc: doc-committers@FreeBSD.org, cvs-doc@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: doc/en_US.ISO8859-1/books/handbook/security chapter.sgml
Message-Id: <20060626091009.457e14a6.trhodes@FreeBSD.org>
In-Reply-To: <200606261306.k5QD6MxK069792@repoman.freebsd.org>

On Mon, 26 Jun 2006 13:06:22 +0000 (UTC)
Giorgos Keramidas wrote:

> keramida 2006-06-26 13:06:22 UTC
>
> FreeBSD doc repository
>
> Modified files:
> en_US.ISO8859-1/books/handbook/security chapter.sgml
> Log:
> When IPSEC is configured according to the Handbook[1], pf fails
> to track connection state properly, because it does not see
> packets coming from the tunneled interface to gif(4). Rebuilding
> with IPSEC_FILTERGIF fixes the problem.
>
> According to mlaier@ we cannot change GENERIC for this, but it's
> ok to document the requirement for IPSEC_FILTERGIF. Add a note
> to this effect.

Not to disagree with Max, but I always looked through NOTES
for information. Perhaps a note could be added there?

--
Tom Rhodes