Date:      Sat, 05 Jan 2008 21:59:39 +0100
From:      Norman Maurer <norman@apache.org>
To:        freebsd-questions@freebsd.org
Subject:   PF and filtering stateful on GIF interface
Message-ID:  <1199566779.5513.5.camel@norman-laptop>

Hi all,

I'm using FreeBSD 6.2-p9 on my server, which acts as an IPsec router using ipsec-tools. This works fine...
But now I need to filter traffic which comes from the local private network to the VPN private network. I tried to do this with pf and using keep state. The return packets just get dropped.
So I reread the gif manpage and read about the IPSEC_FILTERGIF option. I rebuilt the kernel with the option and tried it again. No luck!

So I suspect this option is only valid for ipfw and ipf?

Any idea how I can use pf + IPsec (over a gif interface) to filter the needed stuff?
This, for example, does not work:

LOCAL_NET = 10.0.0.0/24
VPN_REMOTE_NET = 192.168.10.0/28

pass proto tcp from $LOCAL_NET to $VPN_REMOTE_NET port 22 flags S/SA keep state


This works:

LOCAL_NET = 10.0.0.0/24
VPN_REMOTE_NET = 192.168.10.0/28

pass proto tcp from $LOCAL_NET to $VPN_REMOTE_NET port 22
pass proto tcp from $VPN_REMOTE_NET port 22 to $LOCAL_NET

Thx for the help

bye
Norman
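As an added example (not part of the original post), a small Python checker for a saved `pfctl -ss` dump: it reports whether pf actually holds a state for the LOCAL_NET -> VPN_REMOTE_NET port 22 flow and on which interface, which is the first thing to verify when return packets are dropped. The dump below is constructed, and the `iface proto addr -> addr state` line layout is an assumption about pfctl's output.

```python
"""Check a saved `pfctl -ss` dump for the state pf should have created for a
LOCAL_NET -> VPN_REMOTE_NET:22 flow.  Sample dump and its format are assumed."""
import ipaddress
import re

# Networks from the pf.conf macros in the post.
LOCAL_NET = ipaddress.ip_network("10.0.0.0/24")
VPN_REMOTE_NET = ipaddress.ip_network("192.168.10.0/28")

# Constructed `pfctl -ss` output as seen on the router: the flow enters on em0
# (inbound state, printed as "dst <- src") and leaves via gif0 (outbound,
# printed as "src -> dst").  The udp line is unrelated noise.
SAMPLE_STATES = """\
em0 tcp 192.168.10.2:22 <- 10.0.0.5:51234       ESTABLISHED:ESTABLISHED
gif0 tcp 10.0.0.5:51234 -> 192.168.10.2:22       ESTABLISHED:ESTABLISHED
self udp 10.0.0.1:53 <- 10.0.0.7:40001       MULTIPLE:SINGLE
"""

STATE_RE = re.compile(
    r"^(?P<iface>\S+)\s+(?P<proto>\S+)\s+"
    r"(?P<left>\S+)\s+(?P<dir>->|<-)\s+(?P<right>\S+)\s+(?P<state>\S+)$")


def parse_endpoint(ep):
    """Split 'addr:port' into (ip_address, port); port is None if absent."""
    host, sep, port = ep.rpartition(":")
    if not sep:
        return ipaddress.ip_address(ep), None
    return ipaddress.ip_address(host), int(port)


def parse_states(text):
    """Normalise each state line to a dict with explicit src/dst regardless
    of the arrow direction pfctl used to print it."""
    states = []
    for line in text.splitlines():
        m = STATE_RE.match(line.strip())
        if not m:
            continue  # headers, blank lines, unknown layouts
        l_addr, l_port = parse_endpoint(m["left"])
        r_addr, r_port = parse_endpoint(m["right"])
        if m["dir"] == "->":        # left endpoint is the source
            src, sport, dst, dport = l_addr, l_port, r_addr, r_port
        else:                       # "<-": right endpoint is the source
            src, sport, dst, dport = r_addr, r_port, l_addr, l_port
        states.append({"iface": m["iface"], "proto": m["proto"], "src": src,
                       "sport": sport, "dst": dst, "dport": dport,
                       "state": m["state"]})
    return states


def find_flow_states(text, src_net, dst_net, dport, proto="tcp"):
    """Return (iface, state) pairs pf holds for src_net -> dst_net:dport."""
    return [(s["iface"], s["state"]) for s in parse_states(text)
            if s["proto"] == proto and s["src"] in src_net
            and s["dst"] in dst_net and s["dport"] == dport]
```

An entry listed under `all` rather than a named interface is a floating state, which matters when a reply arrives on a different interface than the one the state was created on.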