I know that ipfilter does not run on 2.2.x yet..
I do not know about the freeswan..
I would just use openbsd, it has the ipfilter and ipsec built in.
acs
On 10-Jan-00 Ron DuFresne wrote:
>
> Doesn't ipfilter and freeswan require that folks stay with a 2.0.X kernel
> rather then being able to progress up to a 2.2.X and above kernel?
>
> Policy routing in the iptables and 2.4.X kernels soon to be out, can
> accomplish the same thing, yes?
>
> Thanks,
>
> Ron DuFresne
>
> On Mon, 10 Jan 2000, Aaron C. Springer wrote:
>
>> Just use ipfilter
>>
>> acs
>>
>> On 10-Jan-00 Helmut Springer wrote:
>> >> But the NAT makes the IPChains in Linux statefull, since it knows how
>> >> to handle fragmentation, window and syn/ack tracking.
>> >
>> > yup, it does feel like a kludge though to add a state machine by adding
>> > a masquerading (many2one NAT) stage 8-/
>> >
>> > --
>> > MfG/best regards, helmut springer
>> > [EMAIL PROTECTED]
>> >
>> > "Freedom's just another word for nothing left to lose"
>> > -
>> > [To unsubscribe, send mail to [EMAIL PROTECTED] with
>> > "unsubscribe firewalls" in the body of the message.]
>>
>>
>> _______________________
>> Aaron C. Springer
>> [EMAIL PROTECTED]
>> pgp key published
>> _______________________
>> -
>> [To unsubscribe, send mail to [EMAIL PROTECTED] with
>> "unsubscribe firewalls" in the body of the message.]
>>
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> "Cutting the space budget really restores my faith in humanity. It
> eliminates dreams, goals, and ideals and lets us get straight to the
> business of hate, debauchery, and self-annihilation." -- Johnny Hart
> ***testing, only testing, and damn good at it too!***
>
> OK, so you're a Ph.D. Just don't touch anything.
_______________________
Aaron C. Springer
[EMAIL PROTECTED]
pgp key published
_______________________
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]