Date: Fri, 9 May 2003 19:25:25 -0500 From: "Matthew D. Fuller" <fullermd@over-yonder.net> To: Danny Carroll <fbsd@dannysplace.net> Cc: freebsd-security@freebsd.org Subject: Re: how to configure a FreeBSD firewall to pass IPSec? Message-ID: <20030510002525.GC97056@over-yonder.net> In-Reply-To: <003101c314cf$930ceef0$e464a8c0@llama> References: <1052299663.086db7b178457@www.dannysplace.com> <003101c314cf$930ceef0$e464a8c0@llama>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, May 07, 2003 at 09:33:45PM +0200 I heard the voice of
Danny Carroll, and lo! it spake thus:
>
> deny log logamount 500 ip from any to 192.168.0.0/24 via xl0
^^
Shouldn't that be /16? Which would also obviate the need for:
> deny log logamount 500 ip from 192.168.50.0/24 to any in recv xl0
--
Matthew Fuller (MF4839) | fullermd@over-yonder.net
Systems/Network Administrator | http://www.over-yonder.net/~fullermd/
"The only reason I'm burning my candle at both ends, is because I
haven't figured out how to light the middle yet"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030510002525.GC97056>