From: bugzilla-noreply@freebsd.org
To: freebsd-doc@FreeBSD.org
Subject: [Bug 213394] Wrong Firewall Rule for IPSEC Configuration
Date: Tue, 11 Oct 2016 21:30:13 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=213394

            Bug ID: 213394
           Summary: Wrong Firewall Rule for IPSEC Configuration
           Product: Documentation
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: Documentation
          Assignee: freebsd-doc@FreeBSD.org
          Reporter: riedinger@sns.eu

In section "13.7. VPN over IPsec" it is written that you shall configure the
Firewall rule "ipfw add 00204 allow log udp from any 500 to any". This opens
the Firewall for all incoming udp packets if the source port 500 is used. I
don't have much experience with the IPSEC configuration, but because of the
instructions, which follow for the pf or ipf users I assume the correct rule is
"ipfw add 00204 allow log udp from any 500 to any".

-- 
You are receiving this mail because:
You are the assignee for the bug.
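
The over-broad match described in the report, as an added example that is not part of the original message or the Handbook: a small Python model of the one rule form quoted above, evaluated against constructed destination ports. The second rule string, which also pins the destination port, is an assumption made here for comparison, and the helper names are hypothetical.

```python
import re
from typing import List, NamedTuple, Optional

class Rule(NamedTuple):
    proto: str
    sport: Optional[int]  # None means "any source port"
    dport: Optional[int]  # None means "any destination port"

# Models only the rule form quoted in the report:
#   [ipfw add NNNNN] allow [log] PROTO from any [PORT] to any [PORT]
RULE_RE = re.compile(
    r"^(?:ipfw\s+add\s+\d+\s+)?allow\s+(?:log\s+)?(?P<proto>\w+)\s+"
    r"from\s+any(?:\s+(?P<sport>\d+))?\s+to\s+any(?:\s+(?P<dport>\d+))?\s*$"
)

def parse_rule(text: str) -> Rule:
    m = RULE_RE.match(text.strip())
    if m is None:
        raise ValueError(f"unsupported rule form: {text!r}")
    to_port = lambda s: int(s) if s is not None else None
    return Rule(m["proto"], to_port(m["sport"]), to_port(m["dport"]))

def matches(rule: Rule, proto: str, sport: int, dport: int) -> bool:
    # A port left out of the rule places no constraint on the packet.
    return (rule.proto == proto
            and rule.sport in (None, sport)
            and rule.dport in (None, dport))

def exposed_ports(rule: Rule, proto: str, sport: int,
                  candidates: List[int]) -> List[int]:
    """Destination ports the rule admits for a packet with this source port."""
    return [p for p in candidates if matches(rule, proto, sport, p)]

# Rule text as quoted in the bug report.
HANDBOOK_RULE = "ipfw add 00204 allow log udp from any 500 to any"
# Assumption for comparison only: same rule with the destination port pinned.
ASSUMED_TIGHTER = "ipfw add 00204 allow log udp from any 500 to any 500"

# Constructed sample of local UDP services: DNS, NTP, SNMP, IKE.
LOCAL_UDP_PORTS = [53, 123, 161, 500]

if __name__ == "__main__":
    for text in (HANDBOOK_RULE, ASSUMED_TIGHTER):
        rule = parse_rule(text)
        print(text, "->", exposed_ports(rule, "udp", 500, LOCAL_UDP_PORTS))
```

The model ignores rule ordering and every other ipfw option; it only shows which destination ports a single rule admits once the source port is 500.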