-------- Original Message --------
> I know there is a way (according to the FreeBSD handbook) to put all
> this IPSEC traffic through a virtual network interface (gif0, gif1,
> etc). Similar to how the PPTP server works with the ng0, ng1
> interfaces. If this was how things were done then traffic could
> easily be filtered.
Yes, having the IPsec traffic bound to a virtual interface would help a
lot. But I don't know if the gifconfig stuff is available on FreeBSD
4.xx (on which m0n0wall is based)...