Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 21 Jan 2003 08:54:26 -0700
From:      Mike Durian <durian@boogie.com>
To:        Pekka Nikander <pekka.nikander@nomadiclab.com>
Cc:        freebsd-net@FreeBSD.ORG
Subject:   Re: Question about IPsec and double ipfilter processing
Message-ID:  <200301210854.26902.durian@boogie.com>
In-Reply-To: <3E2D4656.6000805@nomadiclab.com>
References:  <200301201731.49942.durian@boogie.com> <3E2D4656.6000805@nomadiclab.com>

next in thread | previous in thread | raw e-mail | index | archive | help
On Tuesday 21 January 2003 06:08 am, Pekka Nikander wrote:
>
> then the IPsec code *requires* than any received packet
> that has a source address within 192.168.2.0/24 was
> indeed protected by the specified tunnel, and if it wasn't,
> it drops the packet.

That's good news.  I'll feel better about relaxing my rules a bit
until I can figure out why I'm seeing different behavior than Crist
and what is described in the ipfilter documentation
(http://coombs.anu.edu.au/~avalon/ipfil-flow.html  -  note the final
bullet item).

mike


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200301210854.26902.durian>