From mboxrd@z Thu Jan 1 00:00:00 1970
From: Michael Tremer
To: development@lists.ipfire.org
Subject: Re: [PATCH] ipsec: Add block rules to avoid conntrack entries
Date: Sun, 04 Oct 2015 18:07:05 +0100
Message-ID: <1443978425.18782.108.camel@ipfire.org>
In-Reply-To: <56115302.7020001@rymes.com>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============5627929594908337149=="
List-Id:

--===============5627929594908337149==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit

On Sun, 2015-10-04 at 12:25 -0400, Tom Rymes wrote:
> On 10/03/2015 5:31 PM, Michael Tremer wrote:
> > If an IPsec VPN connection is not established, there are
> > rare cases when packets are supposed to be sent through
> > that said tunnel and incorrectly handled.
>
> Michael, et al.:
>
> I just posted a comment on the bug before I realized that e-mail would
> be more appropriate.
>
> My apologies for not being up to speed on this, but can you hold my hand
> on implementing this? I am simply not confident enough to apply these
> changes without a better understanding of what I am doing.

You got this already applied (at least the bare essence of that). I
think we should wait for someone else to confirm that this is not
crashing anything :)

Since I emailed this patch I am still wondering if we should not limit
this rule to the RED interface. We didn't do that when we tried all
this on one of your machines
(https://bugzilla.ipfire.org/show_bug.cgi?id=10908#c16). It is an easier
solution, but I am wondering if that does not have any side-effects...

@Timo: You should use the Reviewed-by: tag then.

Best,
-Michael

>
> Thank you,
>
> Tom

--===============5627929594908337149==
Content-Type: application/pgp-signature
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="signature.asc"
MIME-Version: 1.0

--===============5627929594908337149==--