From mboxrd@z Thu Jan 1 00:00:00 1970 From: Timo Eissler To: development@lists.ipfire.org Subject: Re: [PATCH] ipsec: Add block rules to avoid conntrack entries Date: Thu, 08 Oct 2015 19:11:26 +0200 Message-ID: <5616A3BE.9070501@teissler.de> In-Reply-To: <1443978425.18782.108.camel@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============3931566218501358709==" List-Id: --===============3931566218501358709== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Sure. Reviewed-by: Timo Eissler Am 04.10.2015 um 19:07 schrieb Michael Tremer: > On Sun, 2015-10-04 at 12:25 -0400, Tom Rymes wrote: >> On 10/03/2015 5:31 PM, Michael Tremer wrote: >>> If an IPsec VPN connections is not established, there are >>> rare cases when packets are supposed to be sent through >>> that said tunnel and incorrectly handled. >> Michael, et. al.: >> >> I just posted a comment on the bug before I realized that e-mail >> would >> be more appropriate. >> >> My apologies for not being up to speed on this, but can you hold my >> hand >> on implementing this? I am simply not confident enough to apply these >> changes without a better understanding of what I am doing. > You got this already applied (at least the bare essence of that). I > think we should wait for someone else to confirm that this is not > crashing anything :) > > Since I emailed this patch I am still wondering if we should not limit > this rule to the RED interface. We didn't do that when we tried all > this on one of your machines ( > https://bugzilla.ipfire.org/show_bug.cgi?id=10908#c16). It is an easier > solution, but I am wondering if that does not have any side-effects... > > @Timo: You should use the Reviewed-by: tag then. > > Best, > -Michael > >> Thank you, >> >> Tom -- Timo Eissler Senior Project Engineer / Consultant Am Zuckerberg 54 D-71640 Ludwigsburg Tel.: +49 7141 4094003 Mobil.: +49 151 20650311 Email: timo(a)teissler.de --===============3931566218501358709== Content-Type: application/pgp-signature Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="signature.asc" MIME-Version: 1.0 LS0tLS1CRUdJTiBQR1AgU0lHTkFUVVJFLS0tLS0KVmVyc2lvbjogR251UEcgdjIKCmlRSWNCQUVC Q0FBR0JRSldGcVBJQUFvSkVFbVJDWjYzY3RFdEx3VVAvamx0SlNLMGJQeFFER0pRVi9Xcmd4YXYK OGxxU3R3azdPd3lDN3RHczR0Y3dSV2NiWGc5ekdoUTN6RUVWcnF3MUZpSXB0dThKcHVIWFJmVzFo Y1JoYzJxLwpuZUhxbmhiZFgrbXFHVHBEdzRDbzlOT01SVGNxaDd3SHRHZEtzcmsrdUYrd01wLzhO b3poTjE3TG1xK2J0WTJ1CnVoaUQxZllOdG5ydStyUlYzK3hUdmh1d1IyUW4rT0xWSWd5TDN5V21x RUdxWmJGMXRRenExQTNhelFQbU5sRFoKV1NZa1hlSThGZ3pmbjRuR3RORnQ3OFdkdGwrS0hJSi91 QnRjM05NTkF6RVc2TUFHVmV5YlZ1TWU5WWE2WjFNSAoxQkpYMjlNcWtndy80OVNsT3ZEdHgrMk45 bmZZMktwV0RESmMyUExwaG83K0lPSFh0aTVRS3B4L3p2dUFIR2lyCkdQdFR4NHZ0dEFvYmIxMnFT S1BXR2xtYnBPZFJuaC9HeDRnbE1GdzU0bk1tZXBTcjVGd3hncHI2QmF0U2ZacFgKVFhZMk5sK21m RDBHMDl4K3ZsajBVNHJqUUdNVEs5S094dEVCblhINStNQ3N4WkNSV2FicW15Qmd6aE5EUVc2Sgp6 ZUZKNjdNYXJSaVp3aGJSSlRiRXV2MGhzT1h0ekJ5eWs1V2c5bEhmKzhManJGc1UvOURVbE1jcE9F aGRVTWhCCjlPSWRLV2tySUh5dUFnYnZSRHNmUmlHMTVYdlliZ3lyZU9TZTk0U1RUb2dTcjdKajl5 TmUxbEdIOFpMbjZvVngKSlBQNWNTV2dXMEFUVXQvTGZVMmRWZXhkSFZkTmpZMXFyT2ZJeEpMRUNX MnRxa2RXaUs2ZktObFZWQW9tVWU2eApheHJDTU1ld1hkbGl6TEo1V1drMgo9Q2NzdAotLS0tLUVO RCBQR1AgU0lHTkFUVVJFLS0tLS0K --===============3931566218501358709==--