On Fri, May 03, 2002 at 10:10:56PM -0700, Julian Elischer wrote:
...
> Thanks for bringing this up..
> I'm actually flabberghasted that it's so. I've been assuming it was the
> other way around.
> The advantage of having it the other way would be to be able to do other
> evil
> things to ipsec packets, but as it is you can totally block
> all packets and ipsec will still work..
> but that's certainly not POLA.. because we tell teh world that
> the ipfw works on ALL packets.
except when we use ipfastforwarding, which is also anything but POLA...
cheers
luigi
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-net" in the body of the message
