Date:      Sun, 12 Mar 2017 00:53:44 +0330
From:      Hooman Fazaeli <hoomanfazaeli@gmail.com>
To:        "freebsd-net@freebsd.org" <freebsd-net@freebsd.org>
Subject:   ipsec with ipfw
Message-ID:  <58C46AE0.7050408@gmail.com>

Hi,

As you know, ipsec/setkey provides a limited syntax to define security
policies: only a single subnet/host, protocol number and optional port
may be used to specify the traffic's source and destination.

I was thinking about the idea of using ipfw as the packet selector for ipsec,
much like it is used with dummynet. Something like:

ipfw add 100 ipsec 2 tcp from <lan-table> to <remote-servers-table> 80,443,110,139

What do you think? Are you interested in such a feature?
Is it worth the effort? What are the implementation challenges?

-- 
Best regards
Hooman Fazaeli
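
Added example, not part of the original message: a sketch of what the single ipfw-style rule above costs when written as setkey(8) policies today, where each `spdadd` takes one source range, one destination range, one protocol and one port. The table contents, the tunnel gateway addresses and the helper name `expand_policies` are assumptions made up for illustration.

```python
"""Expand a table-style selector into the setkey(8) policies it requires."""
import ipaddress
from itertools import product

# Constructed sample data (documentation address ranges), not from the post.
LAN_TABLE = ["10.0.1.0/24", "10.0.2.0/24"]
REMOTE_SERVERS_TABLE = ["192.0.2.10", "192.0.2.20"]
PORTS = [80, 443, 110, 139]  # ports from the rule in the post
LOCAL_GW, REMOTE_GW = "198.51.100.1", "203.0.113.1"  # assumed tunnel endpoints


def expand_policies(lans, servers, ports, local_gw, remote_gw, proto="tcp"):
    """Return one spdadd line per (lan, server, port, direction) tuple.

    Each setkey policy takes a single source range, a single destination
    range, one upper-layer protocol and an optional port, so a selector
    over tables and port lists becomes a cross product.
    """
    lines = []
    for lan, srv, port in product(lans, servers, ports):
        lan_net = ipaddress.ip_network(lan)  # raises on malformed input
        srv_net = ipaddress.ip_network(srv)  # a bare host becomes /32
        if lan_net.version != srv_net.version:
            continue  # a policy cannot mix address families
        # Outbound: LAN client (any source port) to the server port.
        lines.append(
            f"spdadd {lan_net}[any] {srv_net}[{port}] {proto} "
            f"-P out ipsec esp/tunnel/{local_gw}-{remote_gw}/require;"
        )
        # Inbound: replies from the server port back to the LAN.
        lines.append(
            f"spdadd {srv_net}[{port}] {lan_net}[any] {proto} "
            f"-P in ipsec esp/tunnel/{remote_gw}-{local_gw}/require;"
        )
    return lines


if __name__ == "__main__":
    policies = expand_policies(LAN_TABLE, REMOTE_SERVERS_TABLE, PORTS,
                               LOCAL_GW, REMOTE_GW)
    print("\n".join(policies))
    print(f"# {len(policies)} SPD entries for one ipfw-style rule")
```

With two LAN subnets, two servers and four ports, the one rule becomes 32 SPD entries, and every table change means regenerating and reloading them.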
