how to configure a FreeBSD firewall to pass IPSec?
Matthew D. Fuller
fullermd at over-yonder.net
Fri May 9 17:25:30 PDT 2003
On Wed, May 07, 2003 at 09:33:45PM +0200 I heard the voice of
Danny Carroll, and lo! it spake thus:
>
> deny log logamount 500 ip from any to 192.168.0.0/24 via xl0
^^
Shouldn't that be /16? Which would also obviate the need for:
> deny log logamount 500 ip from 192.168.50.0/24 to any in recv xl0
--
Matthew Fuller (MF4839) | fullermd at over-yonder.net
Systems/Network Administrator | http://www.over-yonder.net/~fullermd/
"The only reason I'm burning my candle at both ends, is because I
haven't figured out how to light the middle yet"
More information about the freebsd-security
mailing list