diff options
| author | Angelos D. Keromytis <angelos@cvs.openbsd.org> | 2000-03-27 07:26:46 +0000 |
|---|---|---|
| committer | Angelos D. Keromytis <angelos@cvs.openbsd.org> | 2000-03-27 07:26:46 +0000 |
| commit | 0394072f61ccab4f62bd2b3718f2592b87af862a (patch) | |
| tree | a0a2b0a485c51e3cdda6f1f989eac9122c77c563 | |
| parent | 2973d269b6b765ebf9da010880d8df7b232c2bfe (diff) | |
As I threatened a while ago, ingress IPsec ACL-checking is turned on
by default. Read the ipsecadm(8) man page for more details on how to
specify ingress filters with manual keying. isakmpd has been doing
this for a while now.
| -rw-r--r-- | sys/netinet/ip_input.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c index b92ae13ae98..26c3846e5e1 100644 --- a/sys/netinet/ip_input.c +++ b/sys/netinet/ip_input.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_input.c,v 1.49 2000/03/03 13:09:28 itojun Exp $ */ +/* $OpenBSD: ip_input.c,v 1.50 2000/03/27 07:26:45 angelos Exp $ */ /* $NetBSD: ip_input.c,v 1.30 1996/03/16 23:53:58 christos Exp $ */ /* @@ -78,7 +78,7 @@ #endif int encdebug = 0; -int ipsec_acl = 0; +int ipsec_acl = 1; int ipsec_keep_invalid = IPSEC_DEFAULT_EMBRYONIC_SA_TIMEOUT; int ipsec_require_pfs = IPSEC_DEFAULT_PFS; int ipsec_soft_allocations = IPSEC_DEFAULT_SOFT_ALLOCATIONS; |