summaryrefslogtreecommitdiffstats
path: root/roles/common/files/etc/samhain
diff options
context:
space:
mode:
authorGuilhem Moulin <guilhem@fripost.org>2013-11-04 00:31:43 +0100
committerGuilhem Moulin <guilhem@fripost.org>2015-06-07 02:50:38 +0200
commit67c5135625d3553dcb6f2bfc193df24c0e1ab826 (patch)
tree21d5c3c18a1531e445cd1c0dad9ac76a358f7321 /roles/common/files/etc/samhain
parentad9c840c40d923e0fd1b04a57274cc2ec2e381ec (diff)
Prohibit binding against the IP reserved for IPSec.
Packets originating from our (non-routable) $ipsec are marked; there is no xfrm lookup (i.e., no matching IPSec association), the packet will retain its mark and be null routed later on, thanks to ip rule add fwmark "$secmark" table 666 priority 666 ip route add blackhole default table 666
Diffstat (limited to 'roles/common/files/etc/samhain')
0 files changed, 0 insertions, 0 deletions