From owner-freebsd-net  Mon Jan 14  8:41:58 2002
Delivered-To: freebsd-net@freebsd.org
Received: from shark.amis.net (shark.amis.net [212.18.32.14])
	by hub.freebsd.org (Postfix) with ESMTP id 0B30637B405
	for <freebsd-net@FreeBSD.ORG>; Mon, 14 Jan 2002 08:41:56 -0800 (PST)
Received: from baracuda.amis.net (baracuda.amis.net [212.18.32.4])
	by shark.amis.net (Postfix) with ESMTP
	id 7FEA37C0E; Mon, 14 Jan 2002 17:41:54 +0100 (CET)
Received: from localhost (localhost [127.0.0.1])
	by baracuda.amis.net (Postfix) with ESMTP
	id 4C5F79B06; Mon, 14 Jan 2002 17:41:54 +0100 (CET)
Received: from titanic.medinet.si (titanic.medinet.si [212.18.42.5])
	by baracuda.amis.net (Postfix) with ESMTP
	id 733E59B05; Mon, 14 Jan 2002 17:41:53 +0100 (CET)
Received: by titanic.medinet.si (Postfix, from userid 1000)
	id 68C9E55411; Mon, 14 Jan 2002 17:41:50 +0100 (CET)
Received: from localhost (localhost [127.0.0.1])
	by titanic.medinet.si (Postfix) with ESMTP
	id 5DEA555404; Mon, 14 Jan 2002 17:41:50 +0100 (CET)
Date: Mon, 14 Jan 2002 17:41:50 +0100 (CET)
From: Blaz Zupan <blaz@si.FreeBSD.org>
X-X-Sender: blaz@titanic.medinet.si
To: "Louis A. Mamakos" <louie@TransSys.COM>
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: Filtering packets received through an ipsec tunnel 
In-Reply-To: <200201141419.g0EEJOE73252@whizzo.transsys.com>
Message-ID: <20020114173900.I2807-100000@titanic.medinet.si>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Virus-Scanned: by AMaViS perl-10
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-net.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-net>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-net>
X-Loop: FreeBSD.org

> And before you suggest that the gif tunnels seen in all those IPSEC
> examples actually have anything to do with IPSEC tunnels, please try
> it and look again.  It's completely uninvolved other than introducing
> a route as a side-effect.

I'm not sure what you mean here, but shouldn't the following work: we create a
gif tunnel between the two endpoints and just encrypt the gif traffic itself.
Then we can filter the packets that go in and out of the gif interface.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message