On Sun, Mar 12, 2017 at 12:53:44AM +0330, Hooman Fazaeli wrote:
> Hi,
>
> As you know the ipsec/setkey provide limited syntax to define security
> policies: only a single subnet/host, protocol number and optional port
> may be used to specify traffic's source and destination.
>
> I was thinking about the idea of using ipfw as the packet selector for ipsec,
> much like it is used with dummynet. Something like:
>
> ipfw add 100 ipsec 2 tcp from <lan-table> to <remote-servers-table>
> 80,443,110,139
>
> What do you think? Are you interested in such a feature?
> Is it worth the effort? What are the implementation challenges?

Security policies are the subject of the IKE protocol exchange; do you plan to extend this protocol too?