Current-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: IPFilter 5.1.1 imported into current

Hubert Feyrer wrote:
Hi Darren,

Am 30.01.2012 um 18:16 schrieb Darren Reed:
packets that match an entry in the state table. Additionally, there
is a new rule - "decapsulate". This has been designed to allow
filtering on "inner headers" of packets that have been encapsulated
in clear text. It will, for example, allow filtering on IPv4 headers
inside of IPv6 packets (or vice versa.)

Is there a chance this can be made into getting NAT working with IPsec,
i.e. when sending, applying NAT on the inside packet before it goes into IPsec processing (and vice versa)?

I think that this requires something different as a requirement
here is to play with packets when they're passed to IPsec but
before they're encrypted. At present, IPFilter sees packets only
on input and output and at both points in the stack, the inner
packet will be encrypted, correct?


Home | Main Index | Thread Index | Old Index