Date: Tue, 30 May 2017 16:22:05 +0000
From: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>
To: "Kajetan Staszkiewicz" <vegeta@tuxpowered.net>
Cc: freebsd-pf@freebsd.org
Subject: Re: pf not checking traffic from tunnels
Message-ID: <E08E37F7-F5E3-4079-8A1D-5126AADF1B8A@lists.zabbadoz.net>
In-Reply-To: <1853600.RL7SYQSJBX@energia>
References: <1853600.RL7SYQSJBX@energia>

On 30 May 2017, at 16:17, Kajetan Staszkiewicz wrote:

> Hello,
>
> I have a setup where FreeBSD-based routers serving datacenters are connected
> via gif tunnels which are additionally encrypted using transport mode IPsec.
> Each router runs pf and provides firewalling between multiple VLANs. Tunnel
> interfaces were always trusted, though.

..

> Is there any option to check from userspace if the gif interface has pf
> attached in netpfil hook for incoming traffic? Running tcpdump on gif
> interface correctly shows incoming icmp echo request.

What you want to read is man 4 enc I think.

/bz