Anndrew, On Mon, Aug 21, 2006 at 08:45:54PM +0400, Andrew Pantyukhin wrote: > On 8/21/06, Jeremie Le Hen <[EMAIL PROTECTED]> wrote: > >As is has indeed already been stated in this thread, IPSec tunnel mode > >shunts the routing table. However the new enc(4) interface that Andrew > >Thompson has imported from OpenBSD allows to filter IPSec traffic in a > >more natural way. > > My understanding is that "options IPSEC_FILTERGIF" > already forces decoded packets to show up on the > interface: > > http://lists.freebsd.org/pipermail/freebsd-bugs/2005-December/016074.html
I agree with this, that's why I said "... allows to filter IPSec traffic _in a more natural way_". IPSEC_FILTERGIF is a kind of hack IMHO, though it has revealed itself to be very useful for many years. Regards, -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org > _______________________________________________ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"
