IPSEC - tcp port match
- From: Gennady Proskurin <gpr@xxxxxxxxxxxx>
- Date: Fri, 26 May 2006 11:38:36 +0400
Hello.
I am trying to configure IPSEC to bypass ssh protocol. For example:
setkey -FP
setkey -F
setkey -c << EOF
spdadd 10.1.1.1/32 10.6.10.50[22] tcp -P in none ;
spdadd 10.1.1.1/32 10.6.10.50 tcp -P in ipsec ah/transport//require ;
EOF
(Pass incoming ssh packets to 10.6.10.50, block other tcp packets)
This works under fresh 7-CURRENT(FAST_IPSEC). On fresh 6-STABLE (neither
FAST_IPSEC nor KAME IPSEC) it doesn't work, first string
"spdadd 10.1.1.1/32 10.6.10.50[22] tcp -P in none" never matches.
Is it a bug in 6-STABLE or am I missing something?
Does anybody successfully use IPSEC with tcp port matching under 6-STABLE?
--
Gennady
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"