tech-net: Re: ipsec/ipf interaction change on 1.5 branch

Subject: Re: ipsec/ipf interaction change on 1.5 branch
To: None <tech-net@netbsd.org>
From: Ingolf Steinbach <ingolf@jellonet.de>
List: tech-net
Date: 04/25/2001 20:17:41

On Fri, Apr 06, 2001 at 10:46:25AM +0900, Jun-ichiro itojun Hagino wrote:
> 	ipsec/ipf interaction change was pulled up to 1.5 branch.
> 	(the change has been available in netbsd-current since feb2001)
> 
> 	summary:
> 	- ipf will look at wire-format packet, not the decapsulated IPsec
> 	  packets.
[...]

How is it possible now to filter wrt the decapsulated datagram?
For instance, one could want to build a VPN but only allow
VPN traffic from a remote host (within the VPN) to a local
host (within the same VPN) on port 80.

Regards
    Ingolf
-- 

Ingolf Steinbach        Balin@IRCnet         ICQ#60829470
PGP: 0x7B3B5661  213C 828E 0C92 16B5  05D0 4D5B A324 EC04