Re: Freeswan in Debian, or: Why I am such a bad maintainer
- To: Daniel Pocock <daniel@pocock.com.au>
- Cc: Dominique Kaiser <kaiser_d@gmx.net>, Wichert Akkerman <wichert@wiggy.net>, Marc Haber <mh+debian-devel@zugschlus.de>, Rene Mayrhofer <rene.mayrhofer@gibraltar.at>, Bastian Blank <waldi@debian.org>, Dominique Kaiser <dommi_s1@gmx.net>, Giacomo Mulas <gmulas@ca.astro.it>, Steven Augart <augart@watson.ibm.com>, Anthony DeRobertis <anthony@derobert.net>, Andrew Pimlott <pimlott@idiomtech.com>, herbert@gondor.apana.org.au, Alexander Hvostov <alex@aoi.dyndns.org>, Russell Stuart <russell-debian-bug@stuart.id.au>, dalhagen@tele-net.net, Christoph Martin <martin@uni-mainz.de>, Alexei Ustyuzhaninov <alust@uralskygsm.com>, Jason Spence <jspence@lightconsulting.com>, Mike Fedyk <mfedyk@matchmail.com>, Luca Fornasari <luca.fornasari@easybit.it>, Torsten Knodt <tk-debian@datas-world.de>, Christian Perrier <bubulle@debian.org>, Luk Claes <luk.claes@ugent.be>, debian-devel@lists.debian.org, Nate Carlson <natecars@natecarlson.com>
- Subject: Re: Freeswan in Debian, or: Why I am such a bad maintainer
- From: lupe@lupe-christoph.de (Lupe Christoph)
- Date: Tue, 29 Jun 2004 10:35:44 +0200
- Message-id: <20040629083544.GX29463@lupe-christoph.de>
- In-reply-to: <32861.213.228.220.45.1088497641.squirrel@secure.trendhosting.net>
- References: <40E00DDA.3040807@gibraltar.at> <20040628130629.GB9561@wiggy.net> <20040628142423.GO6752@torres.ka0.zugschlus.de> <20040628143046.GH9561@wiggy.net> <20040628165547.GT29463@lupe-christoph.de> <20040628193306.GN9561@wiggy.net> <40E07B74.6000106@gmx.net> <32861.213.228.220.45.1088497641.squirrel@secure.trendhosting.net>
On Tuesday, 2004-06-29 at 09:27:21 +0100, Daniel Pocock wrote:
> - any packets from IPsec peers will be fully trusted and not be screened
> further by netfilter
Harhar. In a perfect world...
> Step 1: Identify packets in mangle table
> iptables --table mangle -A PREROUTING -p esp -j MARK --set-mark 1
> Step 2: Allow packets in filter table
> iptables --table filter --insert INPUT --match mark --mark 1 -j ACCEPT
And how do you do that with fwbuilder?
Lupe Christoph
--
| lupe@lupe-christoph.de | http://www.lupe-christoph.de/ |
| "... putting a mail server on the Internet without filtering is like |
| covering yourself with barbecue sauce and breaking into the Charity |
| Home for Badgers with Rabies. Michael Lucas |