author | bz <bz@FreeBSD.org> | 2009-05-23 16:42:38 +0000 |
---|---|---|
committer | bz <bz@FreeBSD.org> | 2009-05-23 16:42:38 +0000 |
commit | 9642ff6e283a56096187f128604a36cf5e445825 (patch) | |
tree | af224eeb2132573550696e499948967fb4a2e0d7 /sys/conf | |
parent | dc84aec17116643eb20765e9bb3f4818bd52e4f4 (diff) | |
Add sysctls to toggle the behaviour of the (former) IPSEC_FILTERTUNNEL
kernel option.
This also permits tuning of the option per virtual network stack, as
well as separately per inet, inet6.
The kernel option is left for a transition period, marked deprecated,
and will be removed soon.
Initially requested by: phk (1 year 1 day ago)
MFC after: 4 weeks
Diffstat (limited to 'sys/conf')
-rw-r--r-- | sys/conf/NOTES | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/sys/conf/NOTES b/sys/conf/NOTES index 7ba6ac4..0e5bb44 100644 --- a/sys/conf/NOTES +++ b/sys/conf/NOTES @@ -524,9 +524,10 @@ options ROUTETABLES=2 # max 16. 1 is back compatible. options IPSEC #IP security (requires device crypto) #options IPSEC_DEBUG #debug for IP security # -# Set IPSEC_FILTERTUNNEL to force packets coming through a tunnel -# to be processed by any configured packet filtering twice. -# The default is that packets coming out of a tunnel are _not_ processed; +# #DEPRECATED# +# Set IPSEC_FILTERTUNNEL to change the default of the sysctl to force packets +# coming through a tunnel to be processed by any configured packet filtering +# twice. The default is that packets coming out of a tunnel are _not_ processed; # they are assumed trusted. # # IPSEC history is preserved for such packets, and can be filtered |
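Review bot: the rewritten comment in sys/conf/NOTES says IPSEC_FILTERTUNNEL now only changes "the default of the sysctl", but it never names that sysctl, and the "#DEPRECATED#" marker gives no pointer to what replaces the option. Since the commit message says the toggle exists separately for inet and inet6 (and per virtual network stack), the comment should name both sysctls and say "sysctls" rather than "the sysctl". Someone reading NOTES alone cannot tell what to set once the option is removed. It would also help to keep the security-relevant default explicit next to the deprecation marker: without the option or the sysctl, packets coming out of a tunnel are not passed through the packet filter and are assumed trusted, so a configuration that relied on the kernel option to filter decapsulated traffic has to set the sysctl for each address family it uses.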