Re: problem with pf rather not common
> On Wed, Jun 26, 2002 at 06:43:32PM +0200, DonKoyote wrote:
> > To secure my wireless segment I did an IPSec tunnel from each Host/Client
> > to the OpenBSD gateway.
> > I want to block some traffic which comes from 192.168.2.0/24 if the Client
> > is not logged on to authpf, but pass some ports before that, and add some
> > ports after log on.
> > The problem is that the whole traffic is sent through the tunnel with the
> > ESP protocol, so pf will see that data as coming on the same port, and it
> > doesn't matter whether it's http, ssh etc. If I want to block some ports,
> > in my opinion I should set rules on the rl0 NIC, e.g. block out on rl0 ...
> > But it doesn't work ...
>
> of course not, there's only esp on rl0. you should be able to filter on
> enc0.
There is no such device as enc0 ....
I don't use any virtual interfaces either.
regards
DonKoyote