yes, just writing an appropriate isakmpd.policy file should work:

    Authorizer: "POLICY"
    Conditions: app_domain == "IPsec policy" &&
        ( remote_filter != "000.000.000.000-255.255.255.255" ) -> "true";

On Tue, Apr 13, 2010 at 12:10:27PM +1000, Damien Miller wrote:
> On Mon, 12 Apr 2010, Toni Mueller wrote:
>
> > Hi,
> >
> > with your comments, I have produced a second version of the patch,
> > which includes the following changes:
>
> IPsec isn't really my area, but some questions:
>
> 1) Why are these flows "illegal"? 0/0 -> 0/0 seems like it might have a
> use as a shorthand for "tunnel absolutely everything".
>
> 2) Why are you implementing this in the kernel instead of isakmpd?
>
> 3) Why are you implementing this at all? Doesn't isakmpd have mechanisms
> to prevent peers from creating undesired flows?
>
> -d