[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Freeswan in Debian, or: Why I am such a bad maintainer

On Tuesday, 2004-06-29 at 09:27:21 +0100, Daniel Pocock wrote:

> - any packets from IPsec peers will be fully trusted and not be screened
> further by netfilter

Harhar. In a perfect world...

> Step 1: Identify packets in mangle table

> iptables --table mangle -A PREROUTING -p esp -j MARK --set-mark 1

> Step 2: Allow packets in filter table

> iptables --table filter --insert INPUT --match mark --mark 1 -j ACCEPT

And how do you do that with fwbuilder?

Lupe Christoph
| lupe@lupe-christoph.de       |           http://www.lupe-christoph.de/ |
| "... putting a mail server on the Internet without filtering is like   |
| covering yourself with barbecue sauce and breaking into the Charity    |
| Home for Badgers with Rabies.                            Michael Lucas |

Reply to: