This may affect your ipfw/ipf rules. If you are happy with the current behaviour then add IPSEC_FILTERGIF to your kernel config file.
Sam ----- Original Message ----- From: "Sam Leffler" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Saturday, February 22, 2003 4:47 PM Subject: cvs commit: src/sys/netinet ip_input.c src/sys/conf NOTES options > sam 2003/02/22 16:47:07 PST > > Modified files: > sys/netinet ip_input.c > sys/conf NOTES options > Log: > Add a new config option IPSEC_FILTERGIF to control whether or not > packets coming out of a GIF tunnel are re-processed by ipfw, et. al. > By default they are not reprocessed. With the option they are. > > This reverts 1.214. Prior to that change packets were not re-processed. > After they were which caused problems because packets do not have > distinguishing characteristics (like a special network if) that allows > them to be filtered specially. > > This is really a stopgap measure designed for immediate MFC so that > 4.8 has consistent handling to what was in 4.7. > > PR: 48159 > Reviewed by: Guido van Rooij <[EMAIL PROTECTED]> > MFC after: 1 day > > Revision Changes Path > 1.1129 +11 -0 src/sys/conf/NOTES > http://cvsweb.FreeBSD.org/src/sys/conf/NOTES.diff?r1=1.1128&r2=1.1129 > 1.374 +1 -0 src/sys/conf/options > http://cvsweb.FreeBSD.org/src/sys/conf/options.diff?r1=1.373&r2=1.374 > 1.226 +7 -0 src/sys/netinet/ip_input.c > http://cvsweb.FreeBSD.org/src/sys/netinet/ip_input.c.diff?r1=1.225&r2=1.226 > > > To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message