Date: Wed, 21 Jan 2015 20:18:42 +0100 From: Chris Ernst <snowiswhite@gmail.com> To: freebsd-questions@freebsd.org Subject: Re: A way to load PF rules at startup using OpenVPN Message-ID: <54BFFB92.4020708@gmail.com> In-Reply-To: <F84CF488-7CF6-4580-B169-AA441166E2CB@convalesco.org> References: <F84CF488-7CF6-4580-B169-AA441166E2CB@convalesco.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi Atma
i had similar issues with exactly the same setup. I was able to solve
the issues by using *brackets* in pf.conf
actually brackets specify dynamic IPs. By using brackets pf knows the IP
may change.
here is an extract out of my pf.conf
user@gateway:~ # more /etc/pf.conf
intIf = "vr3"
extIf = "vr0"
vpnIf = "tun0"
[...]
[...]
### filter rules
block all
[...]
[...]
# allow from vpn to internal
pass in on $vpnIf inet proto {tcp,udp} from ($vpnIf:network) to $intNet
keep state
pass in on $intIf inet proto {tcp,udp} from ($vpnIf:network) to $intNet
keep state
best regards
Chris
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?54BFFB92.4020708>