Re: [PATCH] - ipsecrx match - was Re: Writing iptables IPSEC reception support.
On Thu, Apr 01, 2004 at 11:03:44PM +1200, Matthew Grant wrote:
>
> I should have said this earlier.
>
> This patch is seen as critically necessary by our security auditor for
> the VPN network we run on Debian if we are to use the new IPSEC. We are
> talking about 60 boxes... He does not want to rely on the SPD to keep
> packets injected off the external ethernet out.
>
> You can understand why I am recommending it for inclusion.
Well I can understand your need for it, but I can't include a netfilter
patch that hasn't been vetted by the netfilter team yet. Otherwise we'll
be in a very awkward situation should they reject it or apply an
incompatible solution.
--
Debian GNU/Linux 3.0 is out! ( http://www.debian.org/ )
Email: Herbert Xu 许志壬 <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt