Re: PF: passing via port { protocol }
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Re: PF: passing via port { protocol }
- From: Hugo Villeneuve <hugo_villeneuve_(_at_)_yahoo_(_dot_)_com>
- Date: Tue, 16 Oct 2001 22:12:59 -0400
- Cc: karlski <karlski_(_at_)_ng_(_dot_)_datacrypt_(_dot_)_org>
On Tue, Oct 16, 2001 at 03:30:12PM +0000, karlski wrote:
> howdy, i'm testing pf.conf rules on a 3.0 transparent firewall (bridge
> mode)... just wanting to pass IPSEC traffic via a line similar to:
>
> pass in on le1 inet proto tcp from any to any port { ipsec }
> pass out on le1 inet proto tcp from any to any port { ipsec }
Wrong.
See the FAQ 13.11 second point.
>
> Question: In reading man pf.conf i'm looking for a list of allowable
> protocols? How would I specify PPTP, or SFTP, or ESP/AH (IPSEC) in the
> brackets?
In most places you can use either a name or a number.
For "proto" see /etc/protocols
For "port" see /etc/services
If you can find what you want, just put the number.
"port" can only be used with udp, tcp.
Yes, (pptp[gre], esp, ah) are IP protocols but they [optionally in
some cases] also use tcp or udp to negotiate state/options/etc.
Hugo Villeneuve
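
The check described in the reply above, as an added example that is not part of the original message: it resolves the names in a rule's "proto" and "port" parts against /etc/protocols and /etc/services style data and reports when "port" is used with something other than tcp/udp or holds an IP protocol name. The two excerpts are constructed, and `load_protocols`, `load_services` and `check_rule` are hypothetical helper names.

```python
import re

# Constructed excerpts in /etc/protocols and /etc/services format (not from the post).
PROTOCOLS = "tcp 6 TCP\nudp 17 UDP\ngre 47 GRE\nesp 50 ESP\nah 51 AH\n"
SERVICES = "ssh 22/tcp\nisakmp 500/udp\npptp 1723/tcp\n"

def load_protocols(text):
    """Map IP protocol name -> protocol number."""
    rows = (line.split("#")[0].split() for line in text.splitlines())
    return {f[0]: int(f[1]) for f in rows if len(f) >= 2}

def load_services(text):
    """Map service name -> set of transports (tcp/udp) it is defined for."""
    out = {}
    for line in text.splitlines():
        f = line.split("#")[0].split()
        if len(f) >= 2 and "/" in f[1]:
            out.setdefault(f[0], set()).add(f[1].split("/")[1])
    return out

def items(match):
    """Split a matched 'name' or '{ a, b }' into a list of tokens."""
    if not match:
        return []
    return [t for t in re.split(r"[,\s]+", match.group(1).strip("{} ")) if t]

def check_rule(rule, protocols, services):
    """Return a list of problems found in the proto/port parts of one pf rule."""
    num2name = {str(n): name for name, n in protocols.items()}
    protos = [num2name.get(p, p) for p in
              items(re.search(r"\bproto\s+(\{[^}]*\}|\S+)", rule))]
    ports = items(re.search(r"\bport\s+(?:=\s*)?(\{[^}]*\}|\S+)", rule))
    problems = []
    if ports:
        # "port" only has meaning for tcp and udp.
        problems += [f"port used with proto {p}; port needs tcp or udp"
                     for p in protos if p not in ("tcp", "udp")]
    for name in ports:
        if name.isdigit():
            continue  # numeric ports need no lookup
        if name in protocols:
            problems.append(f"'{name}' is IP protocol {protocols[name]}; "
                            f"use proto {name}, not port")
        elif name not in services:
            problems.append(f"'{name}' is not a service name")
        elif protos and not services[name] & set(protos):
            problems.append(f"service '{name}' is defined for "
                            f"{'/'.join(sorted(services[name]))} only")
    return problems
```
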