IPSec and packet filtering in FreeBSD 6.0

VANHULLEBUS Yvan vanhu_bsd at zeninc.net
Mon Mar 13 13:18:14 UTC 2006


On Mon, Mar 13, 2006 at 02:02:36PM +0100, Jonas Bülow wrote:
> Hi,

Hi.


[....]
> Running tcpdump on the physical interface towards A, I see the
> encapsulated traffic. Using ipfilter's log option I can see the
> encapsulated traffic and the decapsulated *incoming* traffic. Outgoing
> traffic, to be encapsulated by IPSec/tunnel, is not seen. As a
> consequence it is only possible to filter decapsulated incoming
> traffic.

I have a patch to add some kind of OpenBSD's enc0 interface to filter
incoming IPSec traffic, and to be able to do some tcpdumps for both
incoming/outgoing IPSec traffic.

I still have to do some minor cleanups on it before sending the PR, it
should be done during this week.


[....]
> I've read somewhere on this list IPSec should be on the pfil
> interface. Is someone working in that direction? Is there any other
> plan on changing the integration of IPSec in FreeBSD?

Where did you read this?



Yvan.

-- 
NETASQ - Secure Internet Connectivity
http://www.netasq.com

