[Bug 226411] PF does not properly keep state with GRE in IPSec
bugzilla-noreply at freebsd.org
Tue Mar 13 20:00:55 UTC 2018
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=226411
--- Comment #4 from Eric Dombroski <eric at edombroski.com> ---
Correction/clarification:
Setting "set skip on gre0" indeed allows the traffic to go through, but doesn't
allow any control of traffic over the tunnel.
The following /etc/pf.conf configuration does NOT work as expected:
set block-policy drop
set loginterface egress
set skip on lo0
# default block rules
block log all
# allow in from other host
pass in quick on vmx0 from 10.10.10.0/24
# pass in from gre0
pass in quick on gre0 to 10.6.0.0/23
# allow all in from lan subnet
pass in quick from 10.6.0.0/23
# pass all output packets
pass out quick
--
You are receiving this mail because:
You are the assignee for the bug.