
pf on enc0 interface



Hi,

Most people seem to allow any traffic through their IPsec tunnels using rules of this kind:

pass in quick on enc0 all
pass out quick on enc0 all

This works fine, but I wanted to be more restrictive and have replaced the in rule with this one (I have also tried other variants):
pass in quick on enc0 proto icmp from any to any


For some reason it does not work. The incoming ICMP packets are blocked by my default "block in all" rule. The same config, however, works with a tunnel that uses the ppp1 interface (or any other interface, of course), so there must be something specific to enc0? Do you have any idea? I know it's just a software loopback, but it's usable to make pf rules, right?


Regards, Alexandre


