Hi All,
I was wondering if someone has been working on and/or has a patch which implements the use of Netfilter marks for IPsec SPD matching under the Linux kernel 2.6. This would be similar to the NetBSD "tagged" option of 'setkey':
spdadd tagged "ssh" -P out esp/transport//require
But then something like:
spdadd tagged 1 -P out esp/transport//require
or
spdadd mark 1 -P out esp/transport//require
Thanks in advance, greetings,
Ludo Stellingwerff.
-- Ludo Stellingwerff
V&S B.V. The Netherlands ProTactive firewall solution. Tel: +31 172 416116 Fax: +31 172 416124
site: www.protactive.nl demo: http://www.protactive.nl:81/netview.html
Taken from the policy match from p-o-m: "This patch adds the policy match to netfilter.
The policy match is used to match the IPsec policy used for handling a packet."
Perhaps what you are looking for.
--
PGP-ID 0xF8EAF138