But I don't "block" it, I thought default is to "pass"?

On Feb 2, 2010, at 4:48 AM, dug wrote:

> Hello,
>
> You have to allow this traffic on your enc0 interface.
> It's not a bug.
>
>
> On Feb 2, 2010, at 10:22, Vadym Chepkov wrote:
>
>> Hi,
>>
>> I have stumbled on a problem and I am not sure if it's a bug or a feature.
>>
>> very simple block rules
>>
>> # pfctl -sr | grep block
>> block return in log on bge0 all
>> block return in quick on bge0 from <martians> to any
>> block return out quick on bge0 from any to <martians>
>>
>> bge0 is my WAN interface, I have FreeBSD 6.4
>>
>> I enabled IPSEC in my kernel
>>
>> options FAST_IPSEC
>> options IPSEC_NAT_T
>> device enc
>> device crypto
>> device cryptodev
>>
>> and all works fine until I do 'ifconfig enc0 up'
>> after that traffic coming through ipsec tunnel is getting rejected and I can
>> see it's recorded in pflog0
>>
>> I am not sure why and how to prevent this from happening.
>>
>> Thanks,
>> Vadym Chepkov
>> _______________________________________________
>> freebsd-pf@freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-pf
>> To unsubscribe, send any mail to "freebsd-pf-unsubscr...@freebsd.org"