Date: Sat, 12 Jan 2002 10:54:34 +0300 (MSK) From: Alexey Zakirov <frank@agava.com> Cc: <hackers@freebsd.org> Subject: Re: Filtering packets received through an ipsec tunnel Message-ID: <Pine.BSF.4.32.0201121052170.15456-100000@hellbell.domain> In-Reply-To: <A3F0121C-06E3-11D6-A736-00039357FA7A@canyon.xs4all.nl>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 11 Jan 2002, Rene de Vries wrote: > I know that ipsec has some handles to be able to filter on address, > protocol and/or port. But for more complex situations this is not > enough. In these situations it would be nice to be able to use > ip-filter (& co) on traffic from the tunnel (and also for traffic going > into the tunnel). > > I was wondering why this is implemented the way it is. Maybe someone on > this list could shed a light on this? Even worse. This behavior has broke my complicated ipsec/tunnel-gif/natd setup about summer (when it was committed) so I had to patch ip_input.c :( *** WBR, Alexey Zakirov (frank@agava.com) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.32.0201121052170.15456-100000>