Date: Tue, 11 Oct 2011 21:41:00 +0300
From: Виталий Владимирович <artemrts@ukr.net>
To: freebsd-pf@FreeBSD.org
Subject: Filtering inside IPSec tunnel
Message-ID: <94876.1318358460.12206338191212019712@ffe11.ukr.net>
I have an IPSec tunnel FreeBSD <-> CISCO. The tunnel works fine, but I can't filter traffic inside the tunnel with PF.

pf.conf

......
ipsec_if="gif0"
.......

block in all
block out all

### EXT_IF_OUT
pass out log quick on $ext_if inet from ($ext_if) to any modulate state

### EXT_IF_IN
pass in quick on $ext_if inet proto udp from $cisco to ($ext_if) port 500
pass in quick on $ext_if inet proto {esp ah ipencap} from $cisco to ($ext_if)

### IPSec VPN INTERFACE
#pass in quick on $ipsec_if inet from any to $ipsec_if
#pass out quick on $ipsec_if inet from $ipsec_if to any
block quick on $ipsec_if

But I can still ping the second point of the IPSec tunnel. Where is my mistake?
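The following pf.conf fragment is an added example for filtering the cleartext side of a gif-over-IPsec tunnel on FreeBSD; it is not the poster's configuration or a reply from the thread. The interface name em0, the peer address 203.0.113.1 and the two inner networks are constructed placeholders, and the enc0 rules assume the enc(4) device is present (device enc in the kernel or if_enc.ko loaded), which is how pf gets to see packets before outbound and after inbound IPsec processing.

```conf
# Added example (not from the thread). Placeholders: em0, 203.0.113.1,
# 192.168.1.0/24 (local LAN) and 10.0.0.0/24 (remote LAN) are constructed.
ext_if     = "em0"
ipsec_if   = "gif0"
cisco      = "203.0.113.1"
local_lan  = "192.168.1.0/24"
remote_lan = "10.0.0.0/24"

# Interfaces listed in "set skip" are never filtered. Keep gif0 and enc0
# out of this list, otherwise rules on them can never match.
set skip on lo0

block log all

### Outer (encrypted) side: IKE plus ESP/AH/IP-in-IP from the peer only.
pass out quick on $ext_if inet from ($ext_if) to any modulate state
pass in  quick on $ext_if inet proto udp from $cisco to ($ext_if) port 500
pass in  quick on $ext_if inet proto { esp, ah, ipencap } from $cisco to ($ext_if)

### Inner (cleartext) side.
# Packets routed over the tunnel are seen on gif0; with enc(4) configured
# the same packets are also presented on enc0. Default-deny both, with
# "log" so "tcpdump -ni pflog0" shows exactly which packet hit which rule.
block log quick on $ipsec_if
block log quick on enc0

# Then allow only what should cross the tunnel, e.g. SSH from the remote
# LAN to the local LAN, and ICMP echo for reachability checks. Rules on
# enc0 use the cleartext inner addresses, never the outer ESP endpoints.
pass in  quick on $ipsec_if inet proto tcp  from $remote_lan to $local_lan port 22 keep state
pass out quick on $ipsec_if inet proto tcp  from $local_lan  to $remote_lan port 22 keep state
pass in  quick on $ipsec_if inet proto icmp from $remote_lan to $local_lan icmp-type echoreq keep state
pass out quick on $ipsec_if inet proto icmp from $local_lan  to $remote_lan icmp-type echoreq keep state
```

To find out why a ping still gets through a configuration like the one in the message, look at the per-rule counters with `pfctl -vvs rules` while pinging: the rule whose counters increment is the one passing the packet. If it is the `pass out quick on $ext_if ... from ($ext_if)` rule rather than anything on gif0, the ICMP is being routed out the outside interface (for instance when the address being pinged is the peer's outer address) and never traverses gif0 at all; `tcpdump -ni gif0 icmp` and `tcpdump -ni enc0 icmp` confirm on which interface, if any, pf actually sees the inner packet.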