K 10
svn:author
V 8
keramida
K 8
svn:date
V 27
2006-06-26T13:06:22.000000Z
K 7
svn:log
V 560
When IPSEC is configured according to the Handbook[1], pf fails
to track connection state properly, because it does not see
packets coming from the tunneled interface to gif(4).  Rebuilding
with IPSEC_FILTERGIF fixes the problem.

According to mlaier@ we cannot change GENERIC for this, but it's
ok to document the requirement for IPSEC_FILTERGIF.  Add a note
to this effect.

[1] http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ipsec.html

PR:		kern/97057
Submitted by:	Dmitry Andrianov <freebsd@dima.spb.ru>
Suggested by:	mlaier
Reviewed by:	remko

END
