Hello!
On Sun, 2 Apr 2006, Bjoern A. Zeeb wrote:
Why not? IMHO it will be very useful feature: think about e.g. traffic
shaping for several different networks which are routed via the same
ipsec tunnel. Without the enc0, you can only shape them together, e.g.:
why not shaping on the internal interface in case this is a gateway?
You know src and dst there too.
Gateway can also contain sources of traffic, and we should be able
to shape all outgoing or incoming traffic (not only transit packets,
but also locally-originated).
The only difference enc0 makes is for host-only-setups or if you want
to see all your unencrpyted ipsec traffic on a gateway in one place.
It seems to me that it's also useful for general traffic
shaping/accounting/filtering purposes.
Sincerely, Dmitry
--
Atlantis ISP, System Administrator
e-mail: [EMAIL PROTECTED]
nic-hdl: LYNX-RIPE
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
