[prev in list] [next in list] [prev in thread] [next in thread] 

List:       netbsd-tech-net
Subject:    Re: IPsec packets tagged for life?
From:       Greg Troxel <gdt () ir ! bbn ! com>
Date:       2005-12-15 1:25:54
Message-ID: rmiacf39mn1.fsf () fnord ! ir ! bbn ! com
[Download RAW message or body]

Does gif w/o IPsec do ipf processing?  What you describe seems broken.

Really, ipf should be able to be applied before and after IPsec, with
separate rulesets, and also separate rules for forwarding and to/from
the host stack from the forwarding layers.   But that's a major
increase in complexity.
-- 
        Greg Troxel <gdt@ir.bbn.com>
[prev in list] [next in list] [prev in thread] [next in thread]