Date:      Wed, 25 Apr 2001 01:38:40 +0200 (CEST)
From:      Luigi Rizzo <luigi@info.iet.unipi.it>
To:        Gunther Schadow <gunther@aurora.regenstrief.org>
Cc:        freebsd-small@FreeBSD.ORG
Subject:   Re: ipfw vs. ipf (was: Re: PicoBSD's kernel, /dev/kmem, and the kernfs
Message-ID:  <200104242338.BAA36223@info.iet.unipi.it>
In-Reply-To: <3AE5DE42.75523F60@aurora.regenstrief.org> from Gunther Schadow at "Apr 24, 2001 08:12:50 pm"

> > can you be more specific on this one ?
> 
> Yes, in fact I'm just about checking this again. You can see Itojun's 
> thoughts about this at:
> 
> http://www.netbsd.org/Documentation/network/ipsec/#ipf-interaction
> 
> and there is a patch that had been applied to the recent KAME SNAP
> kit that implements the rule. The rule is:

i suppose it is better waiting for the daylight in japan... surely
itojun and friends know what issues (if any) are there with ipfw.
(also note that there are ipfw and ipfw6 which are not the same thing,
and might be slightly out of sync).

	cheers
	luigi

> IPsec AH and ESP processing occurs on the inside of packet filtering.
> That is, before the filter on outgoing packets and after the filter
> on incoming packets. This may or may not have been fixed with ipfw.
> In fact, I was quite able to use IPsec with ipfw on one host, but
> I was never really sure about it. And, I'm looking forward to IPsec
> SPD packet matching rules to be combined with ipf. I remember Itojun
> or Sakane mentioning those further plans recently.
> 
> regards,
> -Gunther 
> 
> -- 
> Gunther Schadow, M.D., Ph.D.                    gschadow@regenstrief.org
> Medical Information Scientist      Regenstrief Institute for Health Care
> Adjunct Assistent Professor        Indiana University School of Medicine
> tel:1(317)630-7960                         http://aurora.regenstrief.org
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-small" in the body of the message
> 

