Hello freebsd-net,

From searching the archives this looks like an old issue, but I still can't understand something. AFAIU, the ipfw + ipsec interoperation now looks like this:

input: an encrypted packet comes to the system. It is not checked against ipfw rules. Rules are applied to the decrypted payload packet.

output: a packet is going to leave the system encrypted by ipsec. The packet itself is not checked by the firewall, but, after encryption, the resulting ESP packet is run against ipfw rules.

I am sorry, but I still cannot understand the reasons for such strange, ugly behaviour. Does anybody know the reasons for that, and what the chances are that we ever get fully functional ipfw code checking _every_ packet on the stack?

Thanks.

--
Best regards,
; Nickolay A. Kritsky
; SysAdmin STAR Software LLC
; mailto:[EMAIL PROTECTED]