On Sat, 17 Jan 2004 14:45:19 +0100, Andreas Kretschmer
<andreas_kretschmer@xxxxxxxxxxxxx> wrote:
>Okay, but you can't filter packets. It's not possible to filter, for
>instance, all traffic from/to telnet-port and enable all traffic to/from
>ssh-port. For this reason there is the ipsecX interface in FreeS/WAN. On
>the ethX you see only the encrypted traffic, and on ipsecX the plain
>traffic. So you can filter, you can enable only ah/esp on ethX and
>enable only ssh on ipsecX.

>I miss this option in Kernel 2.6.

Actually, not being able to filter traffic from an ipsec tunnel is a
killer. Either for netfilter, or for kernel 2.6 ipsec. I suspect it
will kill kernel 2.6 ipsec. Which is really bad since FreeS/WAN
positively sucks.

Greetings
Marc

-- 
-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber          |   " Questions are the         | Mail address in header
Karlsruhe, Germany  |     Beginning of Wisdom "     | Phone: *49 721 966 32 15
Nordisch by Nature  | Lt. Worf, TNG "Rightful Heir" | Fax: *49 721 966 31 29