[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Debian should not modify the kernels!

Marc Haber <mh+debian-devel@zugschlus.de> wrote:
> Please note that the 2.6 ipsec is unuseable. You can't filter traffic
> that goes into or comes from a tunnel. That's a killer.

That's not true.  Filtering for tunnels works just fine.

Transport mode filtering is indeed not supported.  But you can achieve
the same effect through IPSEC policies.

The only show stopper with tunnels is the lack of SNAT support.  Even
that isn't very difficult to resolve.

Debian GNU/Linux 3.0 is out! ( http://www.debian.org/ )
Email:  Herbert Xu ~{PmV>HI~} <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Reply to: