Date: Tue, 2 Feb 2010 04:51:04 -0500 From: Vadym Chepkov <vchepkov@gmail.com> To: dug <dug@xgs-france.com> Cc: freebsd-pf@FreeBSD.org Subject: Re: pf and enc0 Message-ID: <3EFB5293-0CCA-41F7-B5DF-B309197EC343@gmail.com> In-Reply-To: <1FDF0CD4-43E2-449D-9B19-648E8A3EFC8B@xgs-france.com> References: <AF293434-875D-47DD-B78D-75972CD27835@gmail.com> <1FDF0CD4-43E2-449D-9B19-648E8A3EFC8B@xgs-france.com>
next in thread | previous in thread | raw e-mail | index | archive | help
But I don't "block" it, I thought default is to "pass" ? On Feb 2, 2010, at 4:48 AM, dug wrote: > Hello, > > You have to allow this traffic on your enc0 interface. > It's not a bug. > > > Le 2 févr. 2010 à 10:22, Vadym Chepkov a écrit : > >> Hi, >> >> I have stumbled on a problem and I am not sure if it's a bug or a feature. >> >> very simple block rules >> >> # pfctl -sr | grep block >> block return in log on bge0 all >> block return in quick on bge0 from <martians> to any >> block return out quick on bge0 from any to <martians> >> >> bge0 is my WAN interface, I have FreeBSD 6.4 >> >> I enabled IPSEC in my kernel >> >> options FAST_IPSEC >> options IPSEC_NAT_T >> device enc >> device crypto >> device cryptodev >> >> and all works fine until I do 'ifconfig enc0 up' >> after that traffic coming through ipsec tunnel is getting rejected and I can see it's recorded in pflog0 >> >> I am not sure why and how to prevent this from happening. >> >> Thanks, >> Vadym Chepkov_______________________________________________ >> freebsd-pf@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-pf >> To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org" >> >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3EFB5293-0CCA-41F7-B5DF-B309197EC343>