On Mon, Oct 11, 2004 at 10:46:01PM -0500, rsenykoff@xxxxxxxxxxxxxxx wrote:
> >But will the mark still exist after the encryption/encapsulation?
> >>not so about ingress, but the marking stay with the packet after the enc
> >>( well on 2.6 with native stack it does). I use this for marking
> >>packets.
>
> Isn't this going to depend on whether you are encrypting the whole packet
> (VPN style) or just the data portion of the packet (SSL style)?

I use it to mark packets that are then esp enc. I am using it currently with 2.6 and the native ipsec stack to mark all packets that come in as esp and then are de-enc; I allow these through the firewall. This was my way around the old problem of how to set up the firewall when the ipsecX interface disappeared. I believe the packet is encaped in place, not duplicated. Then the new packet is re-fed back into netfilter.

Alex
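The approach described in the reply above, written out as an added example (not Alex's own rules): a shell function that emits an iptables-restore ruleset which marks inbound ESP in the mangle table and accepts only packets still carrying that mark after decryption. The function name `emit_ipsec_mark_rules`, the mark value, the default-drop policies and the IKE rule on UDP 500 are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example. Prints a ruleset in iptables-restore format; it does not
# touch the running firewall. Check the output first with:
#   emit_ipsec_mark_rules 1 | iptables-restore --test
emit_ipsec_mark_rules() {
    mark=${1:-1}
    # Mark 0 is what every unmarked packet carries, so it must not be used.
    case $mark in
        ''|*[!0-9]*) echo "mark must be a decimal integer" >&2; return 1 ;;
    esac
    [ "$mark" -gt 0 ] || { echo "mark must be non-zero" >&2; return 1; }

    cat <<EOF
*mangle
# Tag every packet that arrives as ESP. Per the post, on 2.6 with the
# native stack the mark is still on the packet when the decrypted
# packet is fed back into netfilter.
-A PREROUTING -p esp -j MARK --set-mark $mark
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
# Assumption: IKE key exchange on UDP 500 must reach this host.
-A INPUT -p udp --dport 500 -j ACCEPT
# The encrypted packet itself, before decryption.
-A INPUT -p esp -j ACCEPT
# Second pass: decrypted traffic is recognised by the mark, not by an
# ipsecX interface name.
-A INPUT -m mark --mark $mark -j ACCEPT
-A FORWARD -m mark --mark $mark -j ACCEPT
COMMIT
EOF
}
```

The mark is local packet metadata and is not carried on the wire, so make sure no other mangle rule on the host sets the same value for traffic that did not arrive as ESP.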