6.2-STABLE: enc0 sees only outgoing packets in pf

Volker volker at vwsoft.com
Mon Mar 26 00:32:50 UTC 2007


Sorry... my experimental setup has had a mistake.

I've re-read my posting and checked everything. What did get my
attention was:

> But incoming traffic still passes:
> rule 29/0(match): pass in on enc0: (tos 0x0, ttl  64, id 58618,
> offset 0, flags [none], proto: ICMP (1), length: 84)
> 194.180.156.137 > 10.1.1.1: ICMP echo request, id 26909, seq 0, length 64

Which means, rule 29 was letting this packet pass. I've checked rule
29 and found the mistake. This is letting (on one tunnel endpoint)
traffic through by a table of IP addresses and mistakenly the
internal IP address of the remote tunnel endpoint is in there.

Will correct that and do another test.

Volker


