Date: Tue, 21 Jan 2003 08:54:26 -0700 From: Mike Durian <durian@boogie.com> To: Pekka Nikander <pekka.nikander@nomadiclab.com> Cc: freebsd-net@FreeBSD.ORG Subject: Re: Question about IPsec and double ipfilter processing Message-ID: <200301210854.26902.durian@boogie.com> In-Reply-To: <3E2D4656.6000805@nomadiclab.com> References: <200301201731.49942.durian@boogie.com> <3E2D4656.6000805@nomadiclab.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tuesday 21 January 2003 06:08 am, Pekka Nikander wrote: > > then the IPsec code *requires* than any received packet > that has a source address within 192.168.2.0/24 was > indeed protected by the specified tunnel, and if it wasn't, > it drops the packet. That's good news. I'll feel better about relaxing my rules a bit until I can figure out why I'm seeing different behavior than Crist and what is described in the ipfilter documentation (http://coombs.anu.edu.au/~avalon/ipfil-flow.html - note the final bullet item). mike To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200301210854.26902.durian>