kernel-wfp: Install outbound ALE connect rules for IPsec
authorMartin Willi <martin@revosec.ch>
Fri, 28 Nov 2014 08:39:40 +0000 (09:39 +0100)
committerMartin Willi <martin@revosec.ch>
Thu, 4 Dec 2014 10:10:48 +0000 (11:10 +0100)
commite1a448314ffcf2fc7dd8db7382c734794e9fe633
tree4848fa1598db5dd0cbaf636464368eabba5bfdb0
parenta8142a17cff1a420599b30c13568bda1fa0a6653
kernel-wfp: Install outbound ALE connect rules for IPsec

Similar to the inbound rules, the ALE filter processes IP-in-IP packets for
outbound tunnel mode traffic. When using an outbound default-drop policy,
Windows does not allow connection initiation without these explicit rules.
src/libcharon/plugins/kernel_wfp/kernel_wfp_ipsec.c