Date: Tue, 21 Jan 2003 10:54:30 -0800 From: "Crist J. Clark" <crist.clark@attbi.com> To: Mike Durian <durian@boogie.com> Cc: Pekka Nikander <pekka.nikander@nomadiclab.com>, freebsd-net@FreeBSD.ORG Subject: Re: Question about IPsec and double ipfilter processing Message-ID: <20030121185430.GD6871@blossom.cjclark.org> In-Reply-To: <200301210850.03390.durian@boogie.com> References: <200301201731.49942.durian@boogie.com> <20030121063451.GB37009@blossom.cjclark.org> <200301210850.03390.durian@boogie.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Jan 21, 2003 at 08:50:03AM -0700, Mike Durian wrote:
> On Monday 20 January 2003 11:34 pm, Crist J. Clark wrote:
> >
> > I don't see this. I have one rule on my external interface,
> >
> > block in log quick on de0 all head 2000
> > ...
> > pass in quick proto esp from any to 12.234.89.252/32
> > group 2000
>
> First, let me point out that I'm running -current (as of 2 days ago).
> I don't know if that is revelent to this discussion or not.
I'm running RELENG_4_5. Could revision 1.214 to ip_input.c have
something to do with this?
--
Crist J. Clark | cjclark@alum.mit.edu
| cjclark@jhu.edu
http://people.freebsd.org/~cjc/ | cjc@freebsd.org
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030121185430.GD6871>