author | bz <bz@FreeBSD.org> | 2009-05-23 16:42:38 +0000 |
---|---|---|
committer | bz <bz@FreeBSD.org> | 2009-05-23 16:42:38 +0000 |
commit | 9642ff6e283a56096187f128604a36cf5e445825 (patch) | |
tree | af224eeb2132573550696e499948967fb4a2e0d7 /share/man/man4/ipsec.4 | |
parent | dc84aec17116643eb20765e9bb3f4818bd52e4f4 (diff) | |
Add sysctls to toggle the behaviour of the (former) IPSEC_FILTERTUNNEL
kernel option.
This also permits tuning of the option per virtual network stack, as
well as separately per inet, inet6.
The kernel option is left for a transition period, marked deprecated,
and will be removed soon.
Initially requested by: phk (1 year 1 day ago)
MFC after: 4 weeks
Diffstat (limited to 'share/man/man4/ipsec.4')
-rw-r--r-- | share/man/man4/ipsec.4 | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/share/man/man4/ipsec.4 b/share/man/man4/ipsec.4 index 4bc45d6..47ccdb1 100644 --- a/share/man/man4/ipsec.4 +++ b/share/man/man4/ipsec.4 @@ -29,7 +29,7 @@ .\" .\" $FreeBSD$ .\" -.Dd August 5, 2007 +.Dd May 23, 2009 .Dt IPSEC 4 .Os .Sh NAME @@ -37,7 +37,6 @@ .Nd Internet Protocol Security protocol .Sh SYNOPSIS .Cd "options IPSEC" -.Cd "options IPSEC_FILTERTUNNEL" .Cd "device crypto" .Pp .In sys/types.h @@ -88,9 +87,12 @@ inbound. .Pp To properly filter on the inner packets of an .Nm -tunnel with firewalls, add -.Cd "options IPSEC_FILTERTUNNEL" -to the kernel configuration file. +tunnel with firewalls, you can change the values of the following sysctls +.Bl -column net.inet6.ipsec6.filtertunnel default enable +.It Sy "Name Default Enable" +.It net.inet.ipsec.filtertunnel 0 1 +.It net.inet6.ipsec6.filtertunnel 0 1 +.El .\" .Ss Kernel interface .Nm |
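Review bot: The SYNOPSIS hunk (@@ -37,7 +37,6 @@) removes `.Cd "options IPSEC_FILTERTUNNEL"` and nothing in the patch mentions the option again, although the commit message says the kernel option stays for a transition period and is only marked deprecated. Anyone who still has the option in a kernel configuration file will find no trace of it in ipsec(4). Suggest adding one sentence next to the new sysctl table saying that the option is deprecated and will be removed, and how it relates to the two filtertunnel sysctls; that sentence can be dropped when the option itself is removed.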
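Review bot: In the last hunk (@@ -88,9 +87,12 @@) the new sentence "you can change the values of the following sysctls" runs straight into `.Bl -column` without closing punctuation, and the text never says what the values mean. The table lists a default of 0, so a reader has to infer that firewalls are not filtering the inner packets of a tunnel until the sysctl is set to 1; for a knob that decides whether firewall rules apply to tunnelled traffic, that should be stated in prose rather than left to the column headings. Suggest ending the sentence with a colon, describing the effect of 0 and of 1, and noting that the setting is separate for inet and inet6 and per virtual network stack, as the commit message describes.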