From mboxrd@z Thu Jan  1 00:00:00 1970
From: Michael Tremer <michael.tremer@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: [PATCH] ipsec: Add block rules to avoid conntrack entries
Date: Thu, 15 Oct 2015 22:40:07 +0100
Message-ID: <1444945207.18375.65.camel@ipfire.org>
In-Reply-To: <1443978425.18782.108.camel@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============5738183359391606849=="
List-Id: <development.lists.ipfire.org>

--===============5738183359391606849==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit

Hello Tom,

any news so far? Is everything still working?

If so I would like to merge this patch for Core Update 95.

Best,
-Michael

On Sun, 2015-10-04 at 18:07 +0100, Michael Tremer wrote:
> On Sun, 2015-10-04 at 12:25 -0400, Tom Rymes wrote:
> > On 10/03/2015 5:31 PM, Michael Tremer wrote:
> > > If an IPsec VPN connections is not established, there are
> > > rare cases when packets are supposed to be sent through
> > > that said tunnel and incorrectly handled.
> > 
> > Michael, et. al.:
> > 
> > I just posted a comment on the bug before I realized that e-mail
> > would 
> > be more appropriate.
> > 
> > My apologies for not being up to speed on this, but can you hold my
> > hand 
> > on implementing this? I am simply not confident enough to apply
> > these
> > changes without a better understanding of what I am doing.
> 
> You got this already applied (at least the bare essence of that). I
> think we should wait for someone else to confirm that this is not
> crashing anything :)
> 
> Since I emailed this patch I am still wondering if we should not
> limit
> this rule to the RED interface. We didn't do that when we tried all
> this on one of your machines (
> https://bugzilla.ipfire.org/show_bug.cgi?id=10908#c16). It is an
> easier
> solution, but I am wondering if that does not have any side
> -effects...
> 
> @Timo: You should use the Reviewed-by: tag then.
> 
> Best,
> -Michael
> 
> > 
> > Thank you,
> > 

--===============5738183359391606849==
Content-Type: application/pgp-signature
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="signature.asc"
MIME-Version: 1.0

LS0tLS1CRUdJTiBQR1AgU0lHTkFUVVJFLS0tLS0KVmVyc2lvbjogR251UEcgdjEKCmlRSWNCQUFC
Q2dBR0JRSldJQjAzQUFvSkVJQjU4UDl2a0FrSHdPa1FBS1A4a3FuT0lRZWJaTVZpSW0xV08yMUIK
ZUJ4K2Y2c0U5MXhUaGtrUTdaTkhla04yaGZYRUhOdHlRNmZWY0ZJRExMY0Q5ejZqOG9yUUJzNGtY
bUxYa1dYNQpCYmZOMG1TazQzS282QWFDRnJWM2Rrbm1rUmw5MGhoaUVGMTZXbnNnNUY5UW9Lc1E4
dFRnM0g4amNQYlF5bzZjCkZLTW11RlMrbGc0dGxJdm9aR24rWnFiQll3ellzRW15M2JCZmhsYzUr
d0tUQUdmMVBrd01rWnR1aEc0Ri9iZncKVjRsYTVFUW9ZdXBKVGxBd2t3RUJvcXZoN3hscEpENHd5
WnlmZUhYa1VrQ3RDYnN1VWFGc3IwNWhaK3dkdFYyVgpUUjJ6eHRaOUpNZngwTHRSaVVMb3N6enNX
dUJvTFZyT2pEMkRXclZjbWowdm9FSVBRL2FMNjJLK1NscFZGV1c3CnBkc2c4a0dlUnpSZHhBUERJ
Wk5mRVBLWDdCNHlJNnhybkx3S3NSKzQwOWV0SFVHcEFhOWtHV2JmVjIwUXYzZTcKLy9DakF1SmJ2
anRPc2FYS0lHcWJkZXhGaU9Ra1JQcDlSMjMydFZNUEZzUXRVeXpwakZBREdJVWdpQUN0b3VqWQp4
YVViQkgyc2ZibkQrazF3LzFKVWs4WHBnN3M3bUlOenp5K2dpSVhhWkNjNDFFT0xQZ05Oek9MZ0JV
Y2l5M1NKClpxWHlqU1ZLdW04T2hVUHVhTEZIdVlxYWY2em93cU1yREVla3RJMmRuV1JGRTdwTFBD
bWQ3ZzFFaUtTTHpsT3EKTXlEYnVtTDYxK2FQVXJJMWRlUWhQREFNR2k2Y2UyS1BnRlI3bTVrQUps
RzJCaHBnL1JMb1hjek1EbUp4NmxGVgp5OEpraWJTbnFEMTR3VWkwUnpiMgo9QnpROQotLS0tLUVO
RCBQR1AgU0lHTkFUVVJFLS0tLS0K

--===============5738183359391606849==--