Date: Thu, 22 Jan 2015 07:05:27 +0000 From: krad <kraduk@gmail.com> To: Chris Ernst <snowiswhite@gmail.com> Cc: FreeBSD Questions <freebsd-questions@freebsd.org> Subject: Re: A way to load PF rules at startup using OpenVPN Message-ID: <CALfReydSBPUuwAnRp6MaScJqGYHtg-=z5pHrgbBe5oDrfMKK0g@mail.gmail.com> In-Reply-To: <54BFFB92.4020708@gmail.com> References: <F84CF488-7CF6-4580-B169-AA441166E2CB@convalesco.org> <54BFFB92.4020708@gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Good spot you are right I forgot about that On 21 Jan 2015 19:18, "Chris Ernst" <snowiswhite@gmail.com> wrote: > Hi Atma > > i had similar issues with exactly the same setup. I was able to solve the > issues by using *brackets* in pf.conf > actually brackets specify dynamic IPs. By using brackets pf knows the IP > may change. > > here is an extract out of my pf.conf > > user@gateway:~ # more /etc/pf.conf > intIf = "vr3" > extIf = "vr0" > vpnIf = "tun0" > [...] > [...] > ### filter rules > block all > [...] > [...] > # allow from vpn to internal > pass in on $vpnIf inet proto {tcp,udp} from ($vpnIf:network) to $intNet > keep state > pass in on $intIf inet proto {tcp,udp} from ($vpnIf:network) to $intNet > keep state > > best regards > Chris > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions- > unsubscribe@freebsd.org" >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CALfReydSBPUuwAnRp6MaScJqGYHtg-=z5pHrgbBe5oDrfMKK0g>