Impossible to IPfilter this?

Bruce M Simpson bms at spc.org
Fri Jun 13 14:58:13 PDT 2003


There's a hack for this in -CURRENT:

# 
# Set IPSEC_FILTERGIF to force packets coming through a gif tunnel
# to be processed by any configured packet filtering (ipfw, ipf).
# The default is that packets coming from a tunnel are _not_ processed;
# they are assumed trusted.
#
# Note that enabling this can be problematic as there are no mechanisms
# in place for distinguishing packets coming out of a tunnel (e.g. no
# encX devices as found on openbsd).
# 
#options        IPSEC_FILTERGIF         #filter ipsec packets from a tunnel

BMS

