ipsec with ipfw
Slawa Olhovchenkov
slw at zxy.spb.ru
Sat Mar 11 22:16:28 UTC 2017
On Sun, Mar 12, 2017 at 12:53:44AM +0330, Hooman Fazaeli wrote:
> Hi,
>
> As you know, ipsec/setkey provide limited syntax to define security
> policies: only a single subnet/host, protocol number and optional port
> may be used to specify traffic's source and destination.
>
> I was thinking about the idea of using ipfw as the packet selector for ipsec,
> much like it is used with dummynet. Something like:
>
> ipfw add 100 ipsec 2 tcp from <lan-table> to <remote-servers-table> 80,443,110,139
>
> What do you think? Are you interested in such a feature?
> Is it worth the effort? What are the implementation challenges?
Security policies are the subject of the IKE protocol exchange; do you plan
to extend this protocol too?