Subject: Re: PF for netbsd
To: None <tech-net@netbsd.org>
From: Martin J. Laubach <mjl@netbsd.org>
List: tech-net
Date: 06/28/2003 09:44:26
| # setkey -c <<EOF
| spdadd tagged "ssh" -P in ipsec esp/transport//use;
| spdadd 127.0.0.1 127.0.0.1 -P in ipsec esp/transport//require;
Why does the second line still specify some classification
requirements? Wouldn't it be cleaner (and simpler) to _only_
use tags here, i.e.
spdadd tagged "ssh" -P in ipsec esp/transport//use;
spdadd tagged "from-to-localhost" -P in ipsec esp/transport//require;
with appropriate packet filter lines?
mjl