diff options
author | Guilhem Moulin <guilhem@fripost.org> | 2013-11-04 00:31:43 +0100 |
---|---|---|
committer | Guilhem Moulin <guilhem@fripost.org> | 2015-06-07 02:50:38 +0200 |
commit | 67c5135625d3553dcb6f2bfc193df24c0e1ab826 (patch) | |
tree | 21d5c3c18a1531e445cd1c0dad9ac76a358f7321 /roles/common/files/etc/samhain/samhainrc | |
parent | ad9c840c40d923e0fd1b04a57274cc2ec2e381ec (diff) |
Prohibit binding against the IP reserved for IPSec.
Packets originating from our (non-routable) $ipsec are marked; there is
no xfrm lookup (i.e., no matching IPSec association), the packet will
retain its mark and be null routed later on, thanks to
ip rule add fwmark "$secmark" table 666 priority 666
ip route add blackhole default table 666
Diffstat (limited to 'roles/common/files/etc/samhain/samhainrc')
0 files changed, 0 insertions, 0 deletions