From: angelos Date: Mon, 27 Mar 2000 07:26:45 +0000 (+0000) Subject: As I threatened a while ago, ingress IPsec ACL-checking is turned on X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=48d0131f392c818508ad6efcd49d020aea818b1d;p=openbsd As I threatened a while ago, ingress IPsec ACL-checking is turned on by default. Read the ipsecadm(8) man page for more details on how to specify ingress filters with manual keying. isakmpd has been doing this for a while now. --- diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c index b92ae13ae98..26c3846e5e1 100644 --- a/sys/netinet/ip_input.c +++ b/sys/netinet/ip_input.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_input.c,v 1.49 2000/03/03 13:09:28 itojun Exp $ */ +/* $OpenBSD: ip_input.c,v 1.50 2000/03/27 07:26:45 angelos Exp $ */ /* $NetBSD: ip_input.c,v 1.30 1996/03/16 23:53:58 christos Exp $ */ /* @@ -78,7 +78,7 @@ #endif int encdebug = 0; -int ipsec_acl = 0; +int ipsec_acl = 1; int ipsec_keep_invalid = IPSEC_DEFAULT_EMBRYONIC_SA_TIMEOUT; int ipsec_require_pfs = IPSEC_DEFAULT_PFS; int ipsec_soft_allocations = IPSEC_DEFAULT_SOFT_ALLOCATIONS;