diff options
| author | Giorgos Keramidas <keramida@FreeBSD.org> | 2006-06-26 13:06:22 +0000 |
|---|---|---|
| committer | Giorgos Keramidas <keramida@FreeBSD.org> | 2006-06-26 13:06:22 +0000 |
| commit | 4d2455bbfbd536dd04535b592b5008bd1680184c (patch) | |
| tree | 202f1c69797c97ba7b965f9cd3e58e24f21c6894 | |
| parent | 5d0d47d9060446a6100c0579a788f72c400103c3 (diff) | |
Notes
| -rw-r--r-- | en_US.ISO8859-1/books/handbook/security/chapter.sgml | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/en_US.ISO8859-1/books/handbook/security/chapter.sgml b/en_US.ISO8859-1/books/handbook/security/chapter.sgml index 1c9373f03d..c28bc1878c 100644 --- a/en_US.ISO8859-1/books/handbook/security/chapter.sgml +++ b/en_US.ISO8859-1/books/handbook/security/chapter.sgml @@ -3116,7 +3116,17 @@ options FAST_IPSEC # new IPsec (cannot define w/ IPSEC) <quote>Fast IPsec</quote> subsystem in lieu of the KAME implementation of IPsec. Consult the &man.fast.ipsec.4; manual page for more information.</para> + </note> + <note> + <para>To let firewalls properly track state for &man.gif.4; + tunnels too, you have to enable the + <option>IPSEC_FILTERGIF</option> in your kernel + configuration:</para> + + <screen> +options IPSEC_FILTERGIF #filter ipsec packets from a tunnel + </screen> </note> <indexterm> |