A way to load PF rules at startup using OpenVPN
Chris Ernst
snowiswhite at gmail.com
Wed Jan 21 19:18:45 UTC 2015
Hi Atma,
I had similar issues with exactly the same setup. I was able to solve
the issues by using *brackets* in pf.conf.
Actually, brackets specify dynamic IPs. By using brackets, pf knows the IP
may change.
Here is an extract from my pf.conf:
user@gateway:~ # more /etc/pf.conf
intIf = "vr3"
extIf = "vr0"
vpnIf = "tun0"
[...]
[...]
### filter rules
block all
[...]
[...]
# allow from vpn to internal
pass in on $vpnIf inet proto {tcp,udp} from ($vpnIf:network) to $intNet keep state
pass in on $intIf inet proto {tcp,udp} from ($vpnIf:network) to $intNet keep state
Best regards,
Chris
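
Added example, not part of the original post: a shell check that lists pf.conf rules using an interface as a from/to address without parentheses (the "brackets" above), which pf translates to an address only once, when the ruleset is loaded. The names `pf_static_if_refs` and `pf_sample` and the sample ruleset are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original post.
# List pf.conf rules that use an interface as a from/to address WITHOUT
# parentheses, i.e. addresses pf resolves once, when the ruleset is loaded.
# Limitation: addresses inside { } lists are not inspected.
# usage: pf_static_if_refs <interface> <pf.conf>
pf_static_if_refs() {
    awk -v ifn="$1" '
        /^[ \t]*#/ { next }                            # comment line
        /^[ \t]*[A-Za-z_][A-Za-z0-9_]*[ \t]*=/ {
            # macro definition, e.g.  vpnIf = "tun0"
            split($0, kv, "=")
            name = kv[1]; val = kv[2]
            sub(/#.*/, "", val)                        # trailing comment
            gsub(/[ \t"]/, "", name)
            gsub(/[ \t"]/, "", val)
            if (val == ifn) alias["$" name] = 1        # macro names the interface
            next
        }
        {
            for (i = 1; i < NF; i++) {
                if ($i != "from" && $i != "to") continue
                addr = $(i + 1)
                sub(/^!/, "", addr)                    # negated address
                sub(/:.*/, "", addr)                   # :network, :0, ...
                if (addr == ifn || (addr in alias)) {
                    print FNR ": " $0
                    break
                }
            }
        }
    ' "$2"
}

# Constructed sample ruleset (hypothetical, modelled on the extract above).
pf_sample() {
    cat <<'EOF'
vpnIf = "tun0"
intIf = "vr3"
block all
pass in on $vpnIf inet proto {tcp,udp} from $vpnIf:network to $intNet keep state
pass in on $vpnIf inet proto {tcp,udp} from ($vpnIf:network) to $intNet keep state
pass in on $intIf from any to tun0
EOF
}

tmp=$(mktemp) && pf_sample > "$tmp"
pf_static_if_refs tun0 "$tmp"    # reports lines 4 and 6, not line 5
rm -f "$tmp"
```

Run it against the real file with `pf_static_if_refs tun0 /etc/pf.conf`; any line it prints depends on the interface already having an address when the rules are loaded.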