On Mon, Oct 20, 2008 at 07:57:28PM +0100, Darren J Moffat wrote:
> > 1) create ipsec rules that only allow packets related to the needed
> > services through
>
> I don't see any value in using ipsec to do packet filtering when we have
> ipsec.

That's a false tautology. ;) You need to substitute "ipfilter" in one of those two "ipsec" instances.

There's also a recently-announced-for-review ipfilter set of revs that nwam may be able to exploit.

Dan