Subject: Re: Non-IPSec Processing Point for ipf
To: None <tech-net@netbsd.org>
From: Michael Richardson <mcr@sandelman.ottawa.on.ca>
List: tech-net
Date: 04/17/2003 11:33:18
I suggest two things:
1) if you have IPsec, it doesn't matter what interface things arrive on.
   So, you can name the new "pseudo" interface something like "ipsec".
2) you really want a persistent value to designate the SA that you can
   put into the SPD, and use in the IPF. This is more work, clearly.
(In any case, "noipsec" confuses me. I think you meant
"after-ipsec-processing"?)
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [