tech-net: Re: IPsec packets tagged for life?

Subject: Re: IPsec packets tagged for life?
To: Quentin Garnier <cube@cubidou.net>
From: Greg Troxel <gdt@ir.bbn.com>
List: tech-net
Date: 12/14/2005 20:25:54

Does gif w/o IPsec do ipf processing?  What you describe seems broken.

Really, ipf should be able to be applied before and after IPsec, with
separate rulesets, and also separate rules for forwarding and to/from
the host stack from the forwarding layers.   But that's a major
increase in complexity.
-- 
        Greg Troxel <gdt@ir.bbn.com>