On Thu, Apr 21, 2005 at 07:50:19PM -0400, jamal wrote:
> What was the reason there exist a FWD direction in the policies?
You should really ask Alexey about that :) I myself had the same
question when I first started in this area. However, since it
has been present since the very beginning and people are already
relying on it, we will have to live with it.
> Also - shouldnt the FWD policies closely match the OUT ones instead of
> the IN direction (browsing the forwarding code)? i.e
> does this look odd to you (picking a sample from Wolfgangs output):
The FWD policies are analogous to the FORWARD table in netfilter.
The FWD policies apply to forwarded packet, meaning packets that
end up in ip_forward instead of ip_local_deliver. The IN policies
only apply to packets that end up in ip_local_deliver.
Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
|