Date: Wed, 28 Mar 2007 08:58:58 +0200
From: Andre Albsmeier <Andre.Albsmeier@siemens.com>
To: Andrew Thompson <thompsa@freebsd.org>
Cc: Volker <volker@vwsoft.com>, Andre Albsmeier <Andre.Albsmeier@siemens.com>, freebsd-pf@freebsd.org
Subject: Re: 6.2-STABLE: enc0 sees only outgoing packets in pf
Message-ID: <20070328065858.GA8788@curry.mchp.siemens.de>
In-Reply-To: <20070326050747.GC68655@heff.fud.org.nz>
References: <20070323115043.GA6991@curry.mchp.siemens.de> <46052572.9070402@vwsoft.com> <20070324185928.GC45070@heff.fud.org.nz> <46071AAC.2020101@vwsoft.com> <20070326050747.GC68655@heff.fud.org.nz>

On Mon, 26-Mar-2007 at 17:07:47 +1200, Andrew Thompson wrote:

> On Mon, Mar 26, 2007 at 02:58:20AM +0200, Volker wrote:
> > Andrew, Andre & all,
> >
> > I've checked it out once more (with a corrected setup) and now have
> > been able to block traffic on enc0 in both directions (no matter if
> > the tunnel endpoint is final destination or not).
>
> Great. Thanks for looking into it anyway.

Andrew,

I can now confirm Volker's findings for non-GIF-based IPSec tunnels.
On GIF-based setups only outgoing packets can be controlled in pf
on enc0.

I have filed a PR regarding this issue:

http://www.freebsd.org/cgi/query-pr.cgi?pr=110959

Thanks to all for their help so far,

-Andre