6.2-STABLE: enc0 sees only outgoing packets in pf
Andre Albsmeier
Andre.Albsmeier at siemens.com
Wed Mar 28 06:59:00 UTC 2007
On Mon, 26-Mar-2007 at 17:07:47 +1200, Andrew Thompson wrote:
> On Mon, Mar 26, 2007 at 02:58:20AM +0200, Volker wrote:
> > Andrew, Andre & all,
> >
> > I've checked it out once more (with a corrected setup) and now have
> > been able to block traffic on enc0 in both directions (no matter if
> > the tunnel endpoint is final destination or not).
>
> Great. Thanks for looking into it anyway.

Andrew,

I can now confirm Volker's findings for non-GIF-based IPSec tunnels.
On GIF-based setups only outgoing packets can be controlled in pf
on enc0. I have filed a PR regarding this issue:

http://www.freebsd.org/cgi/query-pr.cgi?pr=110959

Thanks to all for their help so far,

-Andre