Hi,

As you know, the ipsec/setkey tools provide only a limited syntax for defining security policies: only a single subnet/host, a protocol number and an optional port may be used to specify the traffic's source and destination.

I was thinking about the idea of using ipfw as the packet selector for ipsec, much like it is used with dummynet. Something like:

    ipfw add 100 ipsec 2 tcp from <lan-table> to <remote-servers-table> 80,443,110,139

What do you think? Are you interested in such a feature? Is it worth the effort? What are the implementation challenges?

-- 
Best regards
Hooman Fazaeli

_______________________________________________
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
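To make the limitation concrete, here is an added example (not from the post or from FreeBSD itself) that expands table-style source/destination/port lists into the one-pair-per-policy spdadd lines setkey(8) needs; the addresses and tunnel gateways are constructed placeholders.

```sh
#!/bin/sh
# Added illustration: what the proposed ipfw table-based selector would
# replace. setkey(8) accepts one src range, one dst range and one port per
# spdadd line, so a "table" of networks and hosts becomes a cross product.
# All addresses below are constructed placeholders (RFC 5737 ranges).

LAN_NETS="10.0.0.0/24 10.0.1.0/24"        # would be <lan-table>
REMOTE_HOSTS="192.0.2.10 192.0.2.11"      # would be <remote-servers-table>
PORTS="80 443 110 139"
GW_LOCAL="203.0.113.1"                    # local tunnel endpoint (assumed)
GW_REMOTE="198.51.100.1"                  # remote tunnel endpoint (assumed)

# Emit the SPD entries for every (net, host, port) triple, in both
# directions, requiring ESP in tunnel mode between the two gateways.
gen_spd() {
    for src in $LAN_NETS; do
        for dst in $REMOTE_HOSTS; do
            for port in $PORTS; do
                printf 'spdadd %s[any] %s[%s] tcp -P out ipsec esp/tunnel/%s-%s/require;\n' \
                    "$src" "$dst" "$port" "$GW_LOCAL" "$GW_REMOTE"
                printf 'spdadd %s[%s] %s[any] tcp -P in ipsec esp/tunnel/%s-%s/require;\n' \
                    "$dst" "$port" "$src" "$GW_REMOTE" "$GW_LOCAL"
            done
        done
    done
}

# Number of policies the kernel SPD would have to hold for this small set.
count_spd() {
    gen_spd | wc -l | tr -d ' '
}

# Typical use: review the output, then load it with "gen_spd | setkey -c".
count_spd
```

With only two networks, two hosts and four ports this already yields 32 policy entries, which is the growth the ipfw table idea above would avoid.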