Subject: Re: PF for netbsd
To: Martin J. Laubach <mjl@netbsd.org>
From: None <itojun@iijlab.net>
List: tech-net
Date: 06/28/2003 20:42:15
>|  # setkey -c <<EOF
>|  spdadd tagged "ssh" -P in ipsec esp/transport//use;
>|  spdadd 127.0.0.1 127.0.0.1 -P in ipsec esp/transport//require;
>
>  Why does the second line still specify some classification
>requirements? Wouldn't it be cleaner (and simpler) to _only_
>use tags here, i.e.
>
>	spdadd tagged "ssh" -P in ipsec esp/transport//use;
>	spdadd tagged "from-to-localhost" -P in ipsec esp/transport//require;
>
>  with appropriate packet filter lines?

	the above is of course possible.

itojun