On Tue, Jan 15, 2002 at 01:34:29PM +0100, Alex Le Heux wrote:
> >
> > But doesn't ipsec stack already take care of this ? I think (hope)
> > that is doesn't process the packet if it is coming from wrong tunnel
> > because the packet does not match the policy.
>
> I'm not sure if it actually drops 'wrong' packets coming from the tunnel.
> I'll see if I have some time soon to look into it.
Sorry for replying to my own mail...
It seems to do something like it, see sysctl net.inet.ipsec.def_policy in
ipsec(4).
It's not exactly the same though and certainly doesn't give very fine
grained control.
Although I can't really think of any situations that one can't cover this
way.
Regards,
Alex Le Heux
--
Happiness is a side effect of doing something that's got nothing to do
with it, baby.
- Bootsy Collins
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-net" in the body of the message
