ipsec with ipfw

Andrey V. Elsukov bu7cher at yandex.ru
Mon Mar 13 07:33:35 UTC 2017


On 12.03.2017 00:23, Hooman Fazaeli wrote:
> Hi,
> 
> As you know, ipsec/setkey provides a limited syntax to define security
> policies: only a single subnet/host, protocol number and optional port
> may be used to specify the traffic's source and destination.
> 
> I was thinking about the idea of using ipfw as the packet selector for
> ipsec, much like it is used with dummynet. Something like:
> 
> ipfw add 100 ipsec 2 tcp from <lan-table> to <remote-servers-table> 80,443,110,139

What should this rule do? How do you plan to implement policy lookup for
inbound packets?

-- 
WBR, Andrey V. Elsukov
