Chris Liljenstolpe wrote:
> Greetings,
>
> I have read through the mailing list and the discussions about dynamic
> routing on a firewall being a bad thing, and in that pure role, I agree,
> I don't want my firewall listening to route advertisements from untrusted
> sources. However, this is also a VPN box, and in that role, it would be
> very useful to have routes advertised through the VPN tunnels. So how
> about Zebra, and then an option to bind it only to certain interfaces?

One problem: route advertisements do not play well with generic IPsec
tunnels. Cisco, for example, recommends that you implement a GRE tunnel
(encrypted and/or authenticated with IPsec) if you need to send e.g. RIP
or OSPF over the internet.
--
Phil Brutsche
phil at brutsche dot us