Re: [PATCH] - ipsecrx match - was Re: Writing iptables IPSEC reception support.

On Thu, Apr 01, 2004 at 11:03:44PM +1200, Matthew Grant wrote:
> I should have said this earlier.
> This patch is seen as critically necessary by our security auditor for
> the VPN network we run on Debian if we are to use the new IPSEC.  We are
> talking about 60 boxes...  He does not want to rely on the SPD to keep
> packets injected off the external ethernet out.
> You can understand why I am recommending it for inclusion.

Well, I can understand your need for it, but I can't include a netfilter
patch that hasn't been vetted by the netfilter team yet.  Otherwise we'll
be in a very awkward situation should they reject it or apply an
incompatible solution.
