4.17.1 017: Definition of requirement

To provide industrial-strength security, the IPsec Security Policy Database should be integrated with the regular Linux firewalling facilities, specifically into the Netfilter/IPtables code.

Integration provides a single place to express policy. It also prevents duplication of code, which both saves physical resources (kernel time and code space) and reduces the opportunities for errors.

Michael Richardson