Crist J. Clark wrote:
I'm running RELENG_4_5. Could revision 1.214 to ip_input.c have
something to do with this?
That is definitely a possibility. I didn't see this behaviour
on my kernel build from Oct 11 sources, but I do see it on later
ones. However, there was a long time after Oct 11 bef
On Tue, Jan 21, 2003 at 03:16:28PM +0200, Pekka Nikander wrote:
> Crist,
>
> Crist J. Clark wrote:
> >I don't see this. I have one rule on my external interface,
> >
> > block in log quick on de0 all head 2000
> >...
> >pass in quick proto esp from any to 12
On Tue, Jan 21, 2003 at 08:50:03AM -0700, Mike Durian wrote:
> On Monday 20 January 2003 11:34 pm, Crist J. Clark wrote:
> >
> > I don't see this. I have one rule on my external interface,
> >
> > block in log quick on de0 all head 2000
> > ...
> > pass in q
On Tuesday 21 January 2003 06:08 am, Pekka Nikander wrote:
>
> then the IPsec code *requires* than any received packet
> that has a source address within 192.168.2.0/24 was
> indeed protected by the specified tunnel, and if it wasn't,
> it drops the packet.
That's good news. I'll feel better abou
On Monday 20 January 2003 11:34 pm, Crist J. Clark wrote:
>
> I don't see this. I have one rule on my external interface,
>
> block in log quick on de0 all head 2000
> ...
> pass in quick proto esp from any to 12.234.89.252/32
> group 2000
First
Crist,
Crist J. Clark wrote:
I don't see this. I have one rule on my external interface,
block in log quick on de0 all head 2000
...
pass in quick proto esp from any to 12.234.89.252/32 group 2000
That allows in ESP traffic from any host. No
Mike Durian wrote:
I was looking through the FreeBSD mailing list archives trying to figure
out why ipfilter is filtering on both encapsulated ESP packets and the
decrypted packets (NetBSD says it should only filter on the line packets),
when I saw a relevent posting. It looks like other people a
On Mon, Jan 20, 2003 at 05:31:49PM -0700, Mike Durian wrote:
> I was looking through the FreeBSD mailing list archives trying to figure
> out why ipfilter is filtering on both encapsulated ESP packets and the
> decrypted packets (NetBSD says it should only filter on the line packets),
> when I saw
I was looking through the FreeBSD mailing list archives trying to figure
out why ipfilter is filtering on both encapsulated ESP packets and the
decrypted packets (NetBSD says it should only filter on the line packets),
when I saw a relevent posting. It looks like other people are frustrated by
thi
