Date: Fri, 30 Jul 2004 07:58:31 +0400
From: "Nickolay A. Kritsky" <nkritsky@star-sw.com>
To: freebsd-net@freebsd.org
Subject: ipsec packet filtering
Message-ID: <652582171.20040730075831@star-sw.com>

Hello freebsd-net,

From searching the archives this looks like an old issue, but I still can't understand something. AFAIU, now the ipfw + ipsec interoperation looks like this:

input: encrypted packet comes to system. It is not checked against ipfw rules. Rules are applied to decrypted payload packet.

output: packet is going to leave the system encrypted by ipsec. The packet itself is not checked by firewall, but, after encryption, the resulting ESP packet is run against ipfw rules.

I am sorry, but I still cannot understand the reasons for such strange, ugly behaviour. Does anybody know the reasons for that and what chances are that we ever get fully-functional ipfw code checking _every_ packet on the stack?

Thanks.

--
Best regards,
; Nickolay A. Kritsky
; SysAdmin STAR Software LLC
; mailto:nkritsky@star-sw.com