diff options
| author | Bjoern A. Zeeb <bz@FreeBSD.org> | 2009-05-23 16:42:38 +0000 |
|---|---|---|
| committer | Bjoern A. Zeeb <bz@FreeBSD.org> | 2009-05-23 16:42:38 +0000 |
| commit | db2e47925ece914db7cc01b4b1792535bc65b12b (patch) | |
| tree | af224eeb2132573550696e499948967fb4a2e0d7 /share/man/man4/ipsec.4 | |
| parent | b44522f44bfa8e421164f88148eabad75c1921b4 (diff) | |
| download | src-db2e47925ece914db7cc01b4b1792535bc65b12b.tar.gz src-db2e47925ece914db7cc01b4b1792535bc65b12b.zip | |
Add sysctls to toggle the behaviour of the (former) IPSEC_FILTERTUNNEL
kernel option.
This also permits tuning of the option per virtual network stack, as
well as separately per inet, inet6.
The kernel option is left for a transition period, marked deprecated,
and will be removed soon.
Initially requested by: phk (1 year 1 day ago)
MFC after: 4 weeks
Notes
Notes:
svn path=/head/; revision=192648
Diffstat (limited to 'share/man/man4/ipsec.4')
| -rw-r--r-- | share/man/man4/ipsec.4 | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/share/man/man4/ipsec.4 b/share/man/man4/ipsec.4 index 4bc45d6ee28d..47ccdb1082b5 100644 --- a/share/man/man4/ipsec.4 +++ b/share/man/man4/ipsec.4 @@ -29,7 +29,7 @@ .\" .\" $FreeBSD$ .\" -.Dd August 5, 2007 +.Dd May 23, 2009 .Dt IPSEC 4 .Os .Sh NAME @@ -37,7 +37,6 @@ .Nd Internet Protocol Security protocol .Sh SYNOPSIS .Cd "options IPSEC" -.Cd "options IPSEC_FILTERTUNNEL" .Cd "device crypto" .Pp .In sys/types.h @@ -88,9 +87,12 @@ inbound. .Pp To properly filter on the inner packets of an .Nm -tunnel with firewalls, add -.Cd "options IPSEC_FILTERTUNNEL" -to the kernel configuration file. +tunnel with firewalls, you can change the values of the following sysctls +.Bl -column net.inet6.ipsec6.filtertunnel default enable +.It Sy "Name Default Enable" +.It net.inet.ipsec.filtertunnel 0 1 +.It net.inet6.ipsec6.filtertunnel 0 1 +.El .\" .Ss Kernel interface .Nm |