ipsec packet filtering
From: Nickolay A. Kritsky (nkritsky_at_star-sw.com)
Date: 07/30/04
Date: Fri, 30 Jul 2004 07:58:31 +0400
To: freebsd-net@freebsd.org
Hello freebsd-net,
From searching the archives this looks like an old issue, but I
still can't understand something.
AFAIU, now the ipfw + ipsec interoperation looks like this:
input: encrypted packet comes to system. It is not checked against
ipfw rules. Rules are applied to decrypted payload packet.
output: packet is going to leave the system encrypted by ipsec. The
packet itself is not checked by firewall, but, after encryption, the
resulting ESP packet is run against ipfw rules.
I am sorry, but I still cannot understand the reasons for such
strange, ugly behaviour. Does anybody know the reasons for that and
what the chances are that we ever get fully-functional ipfw code
checking _every_ packet on the stack?
Thanks.
--
Best regards,
Nickolay A. Kritsky
SysAdmin STAR Software LLC
mailto:nkritsky@star-sw.com