On 2011-04-11, Matt S <maschwa...@yahoo.com> wrote: > Unfortunately, pfctl -sl -v says nothing. So, now I have a ruleset like the > one
-sI -v, not -sl -v. > below. I have added a specific pass statement for the gre protocol. This > works, however, I fear that it is insecure. You will need to pass gre, but it doesn't need to be allowed everywhere, just between the tunnel endpoints.
