Re: kern/23400: IPsec transport mode precludes filtering onunderlyingtransport header

From: Andre Oppermann (andre_at_freebsd.org)
Date: 06/29/04

Next message: Joe Schmoe: "concurrent scp sessions - testing methodology ?"

Previous message: Andre Oppermann: "Re: kern/23400: IPsec transport mode precludes filtering on underlying transport header"
In reply to: Bjoern A. Zeeb: "Re: kern/23400: IPsec transport mode precludes filtering onunderlying transport header"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Date: Tue, 29 Jun 2004 00:11:16 +0200
To: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>

"Bjoern A. Zeeb" wrote:
>
> The following reply was made to PR kern/23400; it has been noted by GNATS.
>
> From: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>
> To: freebsd-gnats-submit@FreeBSD.org, seraf@2600.com
> Cc:
> Subject: Re: kern/23400: IPsec transport mode precludes filtering on underlying
> transport header
> Date: Mon, 28 Jun 2004 21:25:28 +0000 (UTC)
>
> > o [2000/12/09] kern/23400 net IPsec transport mode precludes filtering
>
> I think this one can be closed.
>
> We can do filtering of IP encapsulated in IPSec since
>
> http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet/ip_fw2.c#rev1.34
> resp.
> http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet/ip_fw2.c#rev1.51
>
> with the ipsec flag.

Thanks Bjoern! I have closed the PR according to your message.

-- 
Andre
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"

Next message: Joe Schmoe: "concurrent scp sessions - testing methodology ?"

Previous message: Andre Oppermann: "Re: kern/23400: IPsec transport mode precludes filtering on underlying transport header"
In reply to: Bjoern A. Zeeb: "Re: kern/23400: IPsec transport mode precludes filtering onunderlying transport header"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Relevant Pages

Re: TCP/IP Filtering Question
... Steve's advice to use IPSec is excellent and far to few ... Ipsec filtering will not block multicast and broadcast traffic, ... > For what you are doing you might want to try ipsec filtering policy using> permit and block fitter actions instead on that router computer. ... If you do> not want the same ipsec policy applied to both adapters, then configure the> actual IP address of the network adapter you want to filter instead of "my ...
(microsoft.public.win2000.networking)
Re: TCP/IP Filtering Question
... Herb Martin ... >>> For what you are doing you might want to try ipsec filtering policy ... >>> actual IP address of the network adapter you want to filter instead of ... Ipsec filtering will not block multicast and broadcast ...
(microsoft.public.win2000.networking)
RE: TCP/IP Filtering problem on W2KAS
... These are definitely legitimate security concerns of the Win2K ... I have employed this technique to bypass IPSec port ... Port filtering with IPSec leaves you vulnerable because only the source port ...
(Focus-Microsoft)
Re: Microsoft Strategic Technology Protection Program
... Microsoft Strategic Technology Protection Program ... > Another potential area of confusion lies in IPSec. ... you can use the packet filtering possibilites of the RRAS ...
(NT-Bugtraq)
Re: TCP/IP Filtering
... IPsec filtering, NOT the TCP/IP filtering feature. ... Generally, TCP and UDP connections use two port numbers, not just one... ... See below for more info and links about both TCP/IP Filtering and IPsec ...
(microsoft.public.win2000.security)