Another possibility is for two types of IP filtering / IPsec rules:

 - ones bypassable by sufficiently privileged apps (using a socket option) (perhaps the level of privilege required should be specifiable in the rules themselves)
 - ones not bypassable under any circumstances

Add:

 - a socket option to bypass bypassable filters
 - netstat extensions to make the use of that socket option observable

Nico
--