diff options
| author | Sam Leffler <sam@FreeBSD.org> | 2003-12-02 00:23:45 +0000 |
|---|---|---|
| committer | Sam Leffler <sam@FreeBSD.org> | 2003-12-02 00:23:45 +0000 |
| commit | d559f5c3d88433f68cbba401da697406e161cf71 (patch) | |
| tree | 9e09c1284e58fc502bcee7c99ed0866db77c78b2 /sbin | |
| parent | 186e347f2ce38657cec972b2a8283030e4e48ee8 (diff) | |
| download | src-d559f5c3d88433f68cbba401da697406e161cf71.tar.gz src-d559f5c3d88433f68cbba401da697406e161cf71.zip | |
Include opt_ipsec.h so IPSEC/FAST_IPSEC is defined and the appropriate
code is compiled in to support the O_IPSEC operator. Previously no
support was included and ipsec rules were always matching. Note that
we do not return an error when an ipsec rule is added and the kernel
does not have IPsec support compiled in; this is done intentionally
but we may want to revisit this (document this in the man page).
PR: 58899
Submitted by: Bjoern A. Zeeb
Approved by: re (rwatson)
Notes
Notes:
svn path=/head/; revision=123096
Diffstat (limited to 'sbin')
| -rw-r--r-- | sbin/ipfw/ipfw.8 | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/sbin/ipfw/ipfw.8 b/sbin/ipfw/ipfw.8 index fea10947cf2d..7d64d65593de 100644 --- a/sbin/ipfw/ipfw.8 +++ b/sbin/ipfw/ipfw.8 @@ -1,7 +1,7 @@ .\" .\" $FreeBSD$ .\" -.Dd August 13, 2002 +.Dd December 1, 2003 .Dt IPFW 8 .Os .Sh NAME @@ -987,6 +987,13 @@ is different from specifying .Cm proto Ar ipsec as the latter will only look at the specific IP protocol field, irrespective of IPSEC kernel support and the validity of the IPSEC data. +.Pp +Further note that this flag is silently ignored in kernels without +IPSEC support. +It does not affect rule processing when given and the +rules are handled as if with no +.Cm ipsec +flag. .It Cm iptos Ar spec Matches IP packets whose .Cm tos |