Re: Matching IPSEC encapsulated traffic with connection tracking

On Tue, Jan 04, 2005 at 09:27:31AM +0100, Robert Dahlem wrote:
> Hi,
> 
> sorry, this is a bit lengthy ...

<snip>

are you running a 2.6 kernel (i can assume that you are, but you know
what that makes us)?

if so, MARK your ESP packets in MANGLE PREROUTING, and use the mark to
identify decrypted packets in your filter rules.

hundreds of examples of this can be found through the list archives or
google.

-j

--
"Lisa, if you don't like your job you don't strike. You just go in
 there every day and do it really half-assed. That's  the American way."
        --The Simpsons
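
The marking approach described in the reply above, written out as an added example (not part of the original message): a shell function that prints an iptables-restore fragment. The interface name, mark value and remote subnet are assumed sample values, and the DROP rules for unmarked traffic claiming a tunnel source address go beyond what the reply states.

```shell
#!/bin/sh
# Added example. Prints an iptables-restore fragment; nothing is applied here.
# Usage (assumed sample values):
#   ./rules.sh eth0 1 192.168.2.0/24 | iptables-restore --noflush
ipsec_mark_rules() {
    iface=$1 mark=$2 remote_net=$3

    # Interface: plain name only, so nothing else can be smuggled into a rule.
    case $iface in
        ''|*[!A-Za-z0-9._-]*) echo "invalid interface" >&2; return 1 ;;
    esac
    # Mark: non-zero decimal. Unmarked packets carry mark 0, so "--mark 0"
    # would match all cleartext traffic and defeat the check.
    case $mark in
        ''|0*|*[!0-9]*) echo "mark must be a non-zero decimal" >&2; return 1 ;;
    esac
    # Remote subnet behind the tunnel (assumed), IPv4 CIDR characters only.
    case $remote_net in
        ''|*[!0-9./]*) echo "invalid subnet" >&2; return 1 ;;
    esac

    # mangle: mark the ESP packet on arrival; the mark stays on the packet
    # after decryption, when the inner packet passes through netfilter again.
    # filter: accept ESP itself, accept tunnel-source packets only if marked,
    # drop tunnel-source packets that arrived in cleartext (no mark).
    cat <<EOF
*mangle
-A PREROUTING -i $iface -p esp -j MARK --set-mark $mark
COMMIT
*filter
-A INPUT -i $iface -p esp -j ACCEPT
-A INPUT -i $iface -s $remote_net -m mark --mark $mark -j ACCEPT
-A INPUT -i $iface -s $remote_net -j DROP
-A FORWARD -i $iface -s $remote_net -m mark --mark $mark -j ACCEPT
-A FORWARD -i $iface -s $remote_net -j DROP
COMMIT
EOF
}

# Run as a script only when all three arguments are given.
if [ "$#" -eq 3 ]; then
    ipsec_mark_rules "$@"
fi
```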

