Hi,

On Tuesday 26 November 2002 15:19, Greg Panula wrote:
>
> # allow private traffic between location to flow
> allow ip from 10... to 192.168... out via int.nic
> allow ip from 192.168... to 10... in via int.nic
>
> Granted the ruleset above assumes you are *not* using gif tunnels, just
> ipsec tunnels. The encrypted traffic arrives on the external interface,
> is decrypted and passed back to the kernel for routing&filtering. Ipfw
> rules for the internal nic then allow or deny the traffic.
This does not filter packets that are destined to the firewall host itself.
For example, if your local network is 192.168.1.x, with the firewall's int.nic
as 192.168.1.1, and you have an ipsec policy that connects another network to
this network, then you are unable to filter traffic to the firewall itself,
i.e. the firewall is WIDE OPEN from the other network via the VPN.

Ari S.
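The rules the reply says are missing, written out as an added example (it is not from either poster): decrypted VPN packets addressed to the firewall host are matched by address with ipfw's `me` keyword, so they are caught before the `via int.nic` forwarding rules, which never see them. The addresses, interface names and the remote gateway are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the thread. Constructed site values:
#   local LAN  192.168.1.0/24 on int.nic, firewall itself is 192.168.1.1
#   remote LAN 10.1.1.0/24 reached through an ipsec tunnel
#   remote VPN gateway 198.51.100.2, our external interface ext.nic
local_net=192.168.1.0/24
remote_net=10.1.1.0/24
remote_gw=198.51.100.2
int=int.nic
ext=ext.nic

# Emit the ruleset in the form "ipfw <file>" reads (one command per line).
vpn_rules() {
  cat <<EOF
# IKE and ESP are accepted from the peer gateway only
add 1000 allow udp from $remote_gw to me 500 in via $ext
add 1010 allow esp from $remote_gw to me in via $ext
# After decryption the packet is seen by ipfw again as plain IP with its
# private source address. Anything from the remote LAN addressed to the
# firewall itself (any of its addresses) is decided here: explicit allow
# for what the host should serve, then deny and log the rest.
add 1100 allow tcp from $remote_net to me 22 in
add 1110 deny log ip from $remote_net to me in
# Forwarding between the two private networks, as in Greg's rules;
# these match only traffic crossing the internal nic, never host traffic.
add 1200 allow ip from $remote_net to $local_net out via $int
add 1210 allow ip from $local_net to $remote_net in via $int
EOF
}

# Load the rules only when invoked as: sh this_script.sh apply
apply_vpn_rules() {
  tmp=$(mktemp /tmp/vpn.rules.XXXXXX) || return 1
  vpn_rules > "$tmp" && ipfw -q "$tmp"
  rc=$?
  rm -f "$tmp"
  return $rc
}

if [ "$1" = "apply" ]; then
  apply_vpn_rules
fi
```

Rule 1110 must sit before the forwarding rules and after any allow for the firewall's own services, otherwise the host is reachable on every port from the remote LAN exactly as the reply describes.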