Re: kern/23400: IPsec transport mode precludes filtering on underlying transport header

From: Andre Oppermann (andre_at_freebsd.org)
Date: 06/29/04

    Date: Tue, 29 Jun 2004 00:11:16 +0200
    To: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>
    
    

    "Bjoern A. Zeeb" wrote:
    >
    > The following reply was made to PR kern/23400; it has been noted by GNATS.
    >
    > From: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>
    > To: freebsd-gnats-submit@FreeBSD.org, seraf@2600.com
    > Cc:
    > Subject: Re: kern/23400: IPsec transport mode precludes filtering on underlying
    > transport header
    > Date: Mon, 28 Jun 2004 21:25:28 +0000 (UTC)
    >
    > > o [2000/12/09] kern/23400 net IPsec transport mode precludes filtering
    >
    > I think this one can be closed.
    >
    > We can do filtering of IP encapsulated in IPSec since
    >
    > http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet/ip_fw2.c#rev1.34
    > resp.
    > http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet/ip_fw2.c#rev1.51
    >
    > with the ipsec flag.

    Thanks Bjoern! I have closed the PR according to your message.

    -- 
    Andre
    
