Date: Thu, 22 Jan 2015 07:05:27 +0000
From: krad <kraduk@gmail.com>
To: Chris Ernst <snowiswhite@gmail.com>
Cc: FreeBSD Questions <freebsd-questions@freebsd.org>
Subject: Re: A way to load PF rules at startup using OpenVPN
Message-ID: <CALfReydSBPUuwAnRp6MaScJqGYHtg-=z5pHrgbBe5oDrfMKK0g@mail.gmail.com>
In-Reply-To: <54BFFB92.4020708@gmail.com>
References: <F84CF488-7CF6-4580-B169-AA441166E2CB@convalesco.org> <54BFFB92.4020708@gmail.com>

Good spot, you are right. I forgot about that.
On 21 Jan 2015 19:18, "Chris Ernst" <snowiswhite@gmail.com> wrote:
> Hi Atma
>
> I had similar issues with exactly the same setup. I was able to solve the
> issues by using *brackets* in pf.conf.
> Actually, brackets specify dynamic IPs. By using brackets pf knows the IP
> may change.
>
> Here is an extract out of my pf.conf:
>
> user@gateway:~ # more /etc/pf.conf
> intIf = "vr3"
> extIf = "vr0"
> vpnIf = "tun0"
> [...]
> [...]
> ### filter rules
> block all
> [...]
> [...]
> # allow from vpn to internal
> pass in on $vpnIf inet proto {tcp,udp} from ($vpnIf:network) to $intNet keep state
> pass in on $intIf inet proto {tcp,udp} from ($vpnIf:network) to $intNet keep state
>
> Best regards
> Chris
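Added example (not part of the original e-mails): a small Python lint for the point made in the quoted message. pf resolves an interface name used as an address once, when the ruleset is loaded, unless the name is wrapped in parentheses, so a rule that names a tunnel interface without them can fail to load before OpenVPN has created it. The function name, the sample ruleset and the intNet value are constructed for illustration.

```python
import re

# Macro definition such as: vpnIf = "tun0"
MACRO = re.compile(r'^\s*(\w+)\s*=\s*"([^"]*)"')
# Address after from/to written as an interface name, optionally with a
# modifier (tun0:network) and optionally wrapped in parentheses.
# Limitation: addresses inside { } lists are not inspected.
ADDR = re.compile(r'\b(?:from|to)\s+(\(?)\s*(\$?\w+)(?::\w+)?')


def static_iface_refs(conf_text, dynamic_ifaces):
    """Return (line_no, rule) for rules whose from/to address names one of
    dynamic_ifaces without parentheses, i.e. resolved once at load time."""
    macros, findings = {}, []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.split('#', 1)[0].strip()      # drop comments
        m = MACRO.match(line)
        if m:
            macros[m.group(1)] = m.group(2)      # remember macro value
            continue
        for paren, name in ADDR.findall(line):
            # Expand $macro to its value; leave literal names untouched.
            iface = macros.get(name[1:], name) if name.startswith('$') else name
            if iface in dynamic_ifaces and not paren:
                findings.append((no, line))
                break
    return findings


# Constructed sample ruleset, modelled on the extract in the quoted message.
SAMPLE = '''\
vpnIf = "tun0"
intIf = "vr3"
intNet = "192.168.1.0/24"
block all
pass in on $vpnIf inet proto {tcp,udp} from $vpnIf:network to $intNet keep state
pass in on $intIf inet proto {tcp,udp} from ($vpnIf:network) to $intNet keep state
pass out on $vpnIf from tun0 to any
'''

if __name__ == "__main__":
    for no, rule in static_iface_refs(SAMPLE, {"tun0"}):
        print(f"line {no}: interface address not in parentheses: {rule}")
```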
