[Top] [All Lists]

Re: [Ipsec-tools-devel] ipv4/ipv6 forwarding check

To: Aidas Kasparas <a.kasparas@xxxxxx>
Subject: Re: [Ipsec-tools-devel] ipv4/ipv6 forwarding check
From: "David S. Miller" <davem@xxxxxxxxxxxxx>
Date: Fri, 29 Oct 2004 00:04:47 -0700
Cc: latten@xxxxxxxxxxxxxx, ipsec-tools-devel@xxxxxxxxxxxxxxxxxxxxx, netdev@xxxxxxxxxxx
In-reply-to: <4181EBC3.3020507@xxxxxx>
References: <200410300506.i9U56Yse005815@xxxxxxxxxxxxxxxxxxxx> <4181EBC3.3020507@xxxxxx>
Sender: netdev-bounce@xxxxxxxxxxx
On Fri, 29 Oct 2004 10:05:39 +0300
Aidas Kasparas <a.kasparas@xxxxxx> wrote:

>       4) extend setkey's syntax to make explicit forward policy management 
> possible and write docs for all the admins to change policies.

This is what we're advocating to happen.

There are reasons why people would want seperate INPUT, OUTPUT,
and FORWARD policies.  So we're not taking that capability out
of the kernel.  And by "auto-magically" making this happen
transparently you are taking the capability away, which is why
this idea won't fly either.

For the record, the freeswan tools handle all of this stuff
just fine.

<Prev in Thread] Current Thread [Next in Thread>