On 2011-07-21, Ryan Whelan <rcwhelan@xxxxxxxxx> wrote:
>
> Is there a way to accomplish this? Maybe a way to only accept a
> non-esp packet if it is destined for the ipsec stack; is that possible?

I know you ask about netfilter, but consider that IPsec security policies
(defined by the setkey tool) can be used to force xfrm based on network or
transport source or destination addresses.

-- Petr
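
An added example, not part of the original message, of what such policies can look like in setkey syntax. The addresses are documentation placeholders and transport-mode ESP between two hosts is an assumption. With level `require` the kernel drops cleartext packets that match the `in` selector, whereas `use` would still accept them.

```conf
# Constructed example, loaded with: setkey -f <file>
# Assumed hosts: local 198.51.100.20, peer 192.0.2.10 (placeholder addresses).

# Inbound: traffic from the peer must have arrived through ESP.
# A packet matching this selector that was not ESP-protected fails the
# policy check and is dropped by the xfrm layer.
spdadd 192.0.2.10 198.51.100.20 any -P in ipsec
    esp/transport//require;

# Outbound: traffic to the peer must be sent through ESP.
# If no matching SA exists, the packet is not sent in the clear.
spdadd 198.51.100.20 192.0.2.10 any -P out ipsec
    esp/transport//require;

# Weaker variant for comparison (left commented out): level "use" applies
# ESP when an SA is available but still accepts cleartext from the peer.
# spdadd 192.0.2.10 198.51.100.20 any -P in ipsec
#     esp/transport//use;
```

`setkey -DP` lists the installed policies so the selectors and levels can be checked after loading.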