Enforce inbound IPsec SPD
Reviewed by: fenner
parent
872f786a75
commit
546f251b29
@ -650,8 +650,18 @@ ip_input(struct mbuf *m)
|
||||
if (ipforwarding == 0) {
|
||||
ipstat.ips_cantforward++;
|
||||
m_freem(m);
|
||||
} else
|
||||
} else {
|
||||
#ifdef IPSEC
|
||||
/*
|
||||
* Enforce inbound IPsec SPD.
|
||||
*/
|
||||
if (ipsec4_in_reject(m, NULL)) {
|
||||
ipsecstat.in_polvio++;
|
||||
goto bad;
|
||||
}
|
||||
#endif /* IPSEC */
|
||||
ip_forward(m, 0);
|
||||
}
|
||||
#ifdef IPFIREWALL_FORWARD
|
||||
ip_fw_fwd_addr = NULL;
|
||||
#endif
|
||||
|
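Review bot: The new `goto bad` in the policy-violation branch jumps past the `ip_fw_fwd_addr = NULL;` reset that follows the if/else under `#ifdef IPFIREWALL_FORWARD`. With both IPSEC and IPFIREWALL_FORWARD compiled in, a packet rejected by the SPD may therefore leave the forwarding address set for whatever is processed next, unless the `bad:` label clears it as well. The `bad:` label and the rest of ip_input() are outside this hunk, so that needs confirming there, along with the assumption that `bad:` frees the mbuf on this path. If `bad:` does not reset it, clear it before the jump by placing `ip_fw_fwd_addr = NULL;` inside `#ifdef IPFIREWALL_FORWARD` ahead of `goto bad;`. If it does, a short comment on the jump such as `/* bad: frees m and resets ip_fw_fwd_addr */` would record the dependency.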