ipsec packet filtering
Nickolay A. Kritsky
nkritsky at star-sw.com
Fri Jul 30 01:47:23 PDT 2004
Hello Bjoern,
Friday, July 30, 2004, 12:12:52 PM, Bjoern A. Zeeb wrote:
>> see? if the incoming packet is not in table, _and_ natd is not running
>> in proxy_only mode (which is not acceptable here) the packet flows by
>> without any change. And that's what the `man natd' says.
BAZ> please type
BAZ> man natd
BAZ> /reverse
BAZ> n
BAZ> this should be available in 4.9 too.
It's there. Oh my god! RTFM forever.
Well, thanks a lot, and sorry for the time/traffic consumption.
<nooffencemeant>
I still don't like the current situation with the way ipsec is processed
by ipfw,
</nooffencemeant>
but -reverse will help me for now.
--
Best regards,
; Nickolay A. Kritsky
; SysAdmin STAR Software LLC
; mailto:nkritsky at star-sw.com