
Re: problem with pf rather not common

On Wed, Jun 26, 2002 at 06:43:32PM +0200, DonKoyote wrote:
> To secure my wireless segment I did IPSec tunnel from each Host/Client to
> OpenBSD gateway.
> I want to block some traffic which comes from 192.168.2.0/24 if Client is
> not logged on to authpf, but pass some ports before that, and add some ports
> after log on.
> The problem is, that whole traffic is set by tunnel with ESP protocol, so pf
> will see those data like coming on the same port, and there is no matter if
> it's http, ssh etc. If I want to block some ports, in my opinion I should
> set rules on rl0 NIC eg. block out on rl0 ...
> But it doesn't work ...

Of course not, there's only ESP on rl0. You should be able to filter on
enc0.
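An added example of the ruleset layout this reply points to; it is not from the thread or from OpenBSD's own documentation. It is written in current pf.conf syntax (stateful by default, the "authpf/*" anchor), which is not the 2002 syntax, and it assumes the IKE daemon listens on rl0; rl0 and 192.168.2.0/24 are taken from the question, the port numbers are illustrative.

```pf
# Added example (not from the thread). rl0 and 192.168.2.0/24 come from the
# question; ports 22/80/25/110/443 are only illustrative.
wifi_if  = "rl0"
wifi_net = "192.168.2.0/24"

# rl0 only ever sees the tunnel itself: IKE negotiation and ESP packets.
# Nothing here can tell http from ssh apart, so only the tunnel is admitted.
block in on $wifi_if from $wifi_net
pass  in on $wifi_if proto udp from $wifi_net to self port { 500, 4500 }
pass  in on $wifi_if proto esp from $wifi_net to self

# enc0 carries the decapsulated inner packets, so per-port policy lives here.
# Default: a client that has not logged in to authpf gets nothing ...
block in log on enc0 from $wifi_net

# ... except what it needs before logging in: ssh to the gateway, so that
# authpf can be reached at all, and (as an example) plain http.
pass in on enc0 proto tcp from $wifi_net to self port 22
pass in on enc0 proto tcp from $wifi_net to any  port 80

# Rules authpf loads for a logged-in client (from /etc/authpf/authpf.rules,
# where authpf sets $user_ip) are evaluated inside this anchor, so "add some
# ports after log on" becomes a line such as
#   pass in on enc0 proto tcp from $user_ip to any port { 25, 110, 443 }
anchor "authpf/*" in on enc0
```

Because the pass rules on enc0 are stateful, reply packets leave through enc0 and rl0 without extra rules; on a 2002 ruleset each pass rule would need an explicit keep state.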