From: Peter Hoeg <disposable1@hoeg.com>
To: Netfilter List <netfilter@lists.netfilter.org>
Subject: Re: Firewalling non-IPsec connections
Date: Wed, 17 Dec 2003 23:02:35 +0100
Message-ID: <3FE0D27B.9080900@hoeg.com>
In-Reply-To: <GFEPJIHHFOJDOFDMNAJDIEAGEKAA.mark@npsl.co.uk>

Mark Weaver wrote:

>I have to guess so.  I've no idea TBH where the packets actually go, but
>this definitely works for me.  I'm more of a cook than a chef when it comes
>to netfilter.  I've tried looking around the source, but I'm pretty
>clueless, and the native ipsec doesn't seem to be documented at all.  It's
>not even got a maintainer listed, and virtually nothing in
>linux/Documentation.  (If anyone could point me in the right direction that
>would be great!).
>
mark, you simply rule! this fixed my problem. now, since i was going 
nuts trying to figure it out and i couldn't find ANY info ANYWHERE 
(you guys were my last resort), so i have decided to make a small guide 
(i needed to learn docbook anyway so this seemed like a good chance) 
which can be found here:

http://hoeg.org/lri/

but one thing - to be honest i actually was thinking briefly about the 
MARK solution myself but came to the conclusion that since it is similar 
to the TOS marks you can set, then technically somebody else could tag 
the packets themselves before entering my system which would bypass the 
solution. and that's why i didn't take it further. can anybody shed any 
light on that?

but in order for the search engines to pick up this message: racoon 
linux kernel 2.6 ipsec vpn tunnel firewall iptables netfilter

>It kind of makes sense, because without this we'd have no possibility of
>handling packets that came in via an IPsec tunnel separately.
>
agree


