IPSEC transport mode and PF NAT to VIMAGE Jail
Maciej Milewski
milu at dat.pl
Mon Feb 17 10:33:54 UTC 2014
On 16.02.2014 15:47, Philipp Schmid wrote:
> Any idea how to get that working?
> For me it looks as if the packets arriving via IPsec are somehow passing the firewall and are not processed by pf.
> I can also connect to any port from the 10.0.1.111 client on 10.0.1.178, not just the ones I allowed in /etc/pf.conf
>
>
> Thank you, Philipp
set skip on /interface/
Skip /all/ PF processing on /interface/. This can be useful on
loopback interfaces where filtering, normalization, queueing, etc,
are not required. This option can be used multiple times. By default
this option is not set.
You have: set skip on bridge0
I think that you should fix this first.
--
Regards,
Maciej Milewski
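
The check suggested in the reply above, as an added example that is not part of the original message: a small sh script that lists every interface a pf ruleset exempts with `set skip on` and flags the ones that are not loopback. The function names and the sample ruleset are assumptions made for illustration; only the `set skip on bridge0` line comes from the thread.

```shell
#!/bin/sh
# Added example (not from the original message): find interfaces that a
# pf ruleset exempts from all processing via "set skip on".

# Constructed sample ruleset; only the bridge0 line comes from the thread.
sample_pf_conf() {
    cat <<'EOF'
set skip on lo0
set skip on bridge0    # the line quoted in the reply
block in all
EOF
}

# Read a ruleset on stdin, print each skipped interface on its own line.
skipped_ifaces() {
    awk '
        { sub(/#.*/, ""); gsub(/[{},]/, " ") }   # drop comments and list braces
        $1 == "set" && $2 == "skip" && $3 == "on" {
            for (i = 4; i <= NF; i++) print $i
        }
    '
}

# Print skipped interfaces that are not loopback (lo, lo0, lo1, ...).
# Returns 1 when at least one is found, 0 when only loopback is skipped.
nonloopback_skips() {
    found=$(skipped_ifaces | grep -Ev '^lo[0-9]*$' || true)
    if [ -n "$found" ]; then
        printf '%s\n' "$found"
        return 1
    fi
    return 0
}

# Audit the file given as $1, or the constructed sample when none is given.
{ if [ "$#" -gt 0 ]; then cat "$1"; else sample_pf_conf; fi; } |
    nonloopback_skips || echo "pf does no processing on the interfaces listed above"
```

Macros such as `$int_if` are reported unexpanded, so resolve them by hand when they appear in the output.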