[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
pf + enc
- To: email@example.com
- Subject: pf + enc
- From: firstname.lastname@example.org
- Date: Wed, 17 Jul 2002 11:21:27 -0500
- Content-Disposition: inline
- Mail-Followup-To: email@example.com
- User-Agent: Mutt/1.3.25i
i've seen a few responses to similar issues on the list but
i'm hoping someone can clarify.
a simple vpn is setup to tunnel 2 /24's. i want to filter traffic on the
vpn via pf. no problems filtering the outgoing traffic on enc0, but it
appears to still be encapsulated when pf examines it incoming. any
work-arounds here? the vpn(8) man page reads:
netA = "10.0.50.0/24"
netB = "10.0.99.0/24"
# Passing in traffic from the designated subnets.
pass in on enc0 from $netB to $netA
pass out on enc0 from $netA to $netB
although this does not work. (despite including filters in the isakmp
policy file, and the flows being configured a certain way i'm assuming
no enforcement is done on encapsulated addresses going through the vpn?)