[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [PATCH] - ipsecrx match - was Re: Writing iptables IPSEC reception support.

On Thu, Apr 01, 2004 at 11:03:44PM +1200, Matthew Grant wrote:
> I should have said this earlier
> This patch is seen as critically necessary by our security auditor for
> the VPN network we run on Debian if we are to use the new IPSEC.  We are
> talking about 60 boxes...  He does not want to rely on the SPD to keep
> packets injected off the external ethernet out.
> You can understand why I am recommending it for inclusion.

Well I can understand your need for it, but I can't include a netfilter
patch that hasn't been vetted by the netfilter team yet.  Otherwise we'll
be in a very awkward situation should they reject it or apply an
incompatible solution.
Debian GNU/Linux 3.0 is out! ( http://www.debian.org/ )
Email:  Herbert Xu ~{PmV>HI~} <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Reply to: