From owner-freebsd-pf@FreeBSD.ORG Tue Oct 25 12:23:37 2005 Return-Path: X-Original-To: freebsd-pf@freebsd.org Delivered-To: freebsd-pf@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D588F16A41F for ; Tue, 25 Oct 2005 12:23:37 +0000 (GMT) (envelope-from e-masson@kisoft-services.com) Received: from mallaury.nerim.net (smtp-102-tuesday.noc.nerim.net [62.4.17.102]) by mx1.FreeBSD.org (Postfix) with ESMTP id 596C743D46 for ; Tue, 25 Oct 2005 12:23:36 +0000 (GMT) (envelope-from e-masson@kisoft-services.com) Received: from srvbsdnanssv.interne.kisoft-services.com (kisoft.net1.nerim.net [62.212.107.51]) by mallaury.nerim.net (Postfix) with ESMTP id 024B24F3C9; Tue, 25 Oct 2005 14:23:27 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by srvbsdnanssv.interne.kisoft-services.com (Postfix) with ESMTP id 0C090D3E8; Tue, 25 Oct 2005 14:23:50 +0200 (CEST) Received: from srvbsdnanssv.interne.kisoft-services.com ([127.0.0.1]) by localhost (srvbsdnanssv.interne.kisoft-services.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 54933-01; Tue, 25 Oct 2005 14:23:49 +0200 (CEST) Received: by srvbsdnanssv.interne.kisoft-services.com (Postfix, from userid 1001) id 36C0BD3D0; Tue, 25 Oct 2005 14:23:49 +0200 (CEST) To: VANHULLEBUS Yvan From: Eric Masson In-Reply-To: <20051025120539.GA2761@zeninc.net> (VANHULLEBUS Yvan's message of "Tue, 25 Oct 2005 14:05:39 +0200") References: <20051025095745.GA2581@zeninc.net> <20051025120539.GA2761@zeninc.net> X-Operating-System: FreeBSD 5.4-RELEASE-p2 i386 Date: Tue, 25 Oct 2005 14:23:49 +0200 Message-ID: <861x29bx9m.fsf@srvbsdnanssv.interne.kisoft-services.com> User-Agent: Gnus/5.1006 (Gnus v5.10.6) XEmacs/21.4 (Jumbo Shrimp, berkeley-unix) MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-15 Content-Transfer-Encoding: 8bit X-Virus-Scanned: amavisd-new at interne.kisoft-services.com Cc: freebsd-pf@freebsd.org Subject: Re: Filtering IPSec traffic ? X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Oct 2005 12:23:37 -0000 VANHULLEBUS Yvan writes: Hi Yvan, > That's the problem: enc0 doesn't seems to exists, at least on my > FreeBSD6 gate (perhaps I missed something in the configuration, or > perhaps this is not a "real" interface ?) !!! The enc(4) interface doesn't exist in FreeBSD. Atm, I use gif tunnels and transport mode beetween gateways, so I'm able to filter on gifs. The other main advantage in my case is that routing is explicit (no SPD inspection to check how packets are treated by the stack) Éric Masson -- C'est chiant cette règle de blague obligatoire. En ce moment j'ai plutôt envie de voir des os pilés. Mais ça va passer : hop un mon gros noeud sur /dev/null et ça va mieux. -+- GNA in : - L'a pété un neunuerone -+-