rcorder for vpn-like tunnels during early rc.d startup

Eugene Grosbein eugen at grosbein.net
Thu Dec 27 14:17:08 UTC 2018


27.12.2018 19:31, Willem Jan Withagen wrote:

>> Current ipfw implementation allows you to use 'tun*' or table containing interface names:
>>
>> ipfw table NAME create type iface
>> ipfw add 2000 allow ip from any to any via 'table(NAME)'
>>
>> ipfw table NAME add tap0
>> ipfw table NAME add tun0
>>
>> Note you do not have to change ruleset at all; you add or delete table records only.
>>
> Nice,
> 
> I was wondering about this, if tables would work for that.
> 
> That is fine if all your VPNs have the same rules, but if they have different properties and are in and outgoing you will want a bit more control over what's going on.
> Hence my basic feeling.... :)

You still can create several tables for different properties and process tables differently.
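
Added example, not part of the original message: a dry-run sh script that prints the ipfw commands for two interface tables handled by different rules, plus the single table command a tunnel up/down hook would issue. The table names, rule numbers, policies and the interface inventory are assumptions made for illustration.

```shell
#!/bin/sh
# Dry run: prints ipfw commands instead of executing them.
# Table names, rule numbers and policies are assumed, not from the thread.

# Constructed sample inventory: "<table> <interface>" per line.
VPN_IFACES='vpn_site tun0
vpn_site tun1
vpn_roadwarrior tap0'

# One "create" per distinct table, then one "add" per interface.
gen_tables() {
    printf '%s\n' "$VPN_IFACES" | awk '
        !seen[$1]++ { print "ipfw table " $1 " create type iface" }
        { adds = adds "ipfw table " $1 " add " $2 "\n" }
        END { printf "%s", adds }'
}

# Static rules: each table gets its own treatment. The rest of the
# ruleset (default policy, outbound rules) is outside this sketch.
gen_rules() {
    cat <<'EOF'
ipfw add 2000 allow ip from any to any via 'table(vpn_site)'
ipfw add 2100 allow tcp from any to me 22 in recv 'table(vpn_roadwarrior)'
ipfw add 2110 deny ip from any to any in recv 'table(vpn_roadwarrior)'
EOF
}

# Command for a tunnel up/down hook: only the table record changes.
# Rejects unknown actions and names with characters outside [A-Za-z0-9_],
# since hook arguments may come from outside the firewall script.
iface_event() {  # usage: iface_event add|delete TABLE IFACE
    case "$1" in add|delete) ;; *) return 1 ;; esac
    for arg in "$2" "$3"; do
        case "$arg" in ''|*[!A-Za-z0-9_]*) return 1 ;; esac
    done
    echo "ipfw table $2 $1 $3"
}

gen_tables
gen_rules
```

Review the printed commands before piping them to sh as root; once the tables and rules are loaded, interfaces coming and going only need the `iface_event` line.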




More information about the freebsd-hackers mailing list