On 12.03.2017 00:23, Hooman Fazaeli wrote:
> Hi,
>
> As you know the ipsec/setkey provide limited syntax to define security
> policies: only a single subnet/host, protocol number and optional port
> may be used to specify traffic's source and destination.
>
> I was thinking about the idea of using ipfw as the packet selector for
> ipsec, much like it is used with dummynet. Something like:
>
> ipfw add 100 ipsec 2 tcp from <lan-table> to <remote-servers-table> 80,443,110,139

What should this rule do? How do you plan to implement policy lookup for inbound packets?

-- 
WBR, Andrey V. Elsukov