Hi all
Can tags from ipsec (defined in ipsec.conf) be referenced in pf nat
rules (OBSD 4.1)?
The idea is:
ipsec.conf:
    ike esp from A to B tag "mytag"
pf.conf:
    nat on $int_if tagged "mytag" -> ($int_if:1)
    nat on $int_if from !($int_if) -> ($int_if:0)
If I use the "tagged" keyword, the second nat rule is used even for
packets coming out of the ipsec tunnel. Replacing the "tagged" keyword
with the actual IPs works:
    nat on $int_if from A to B -> ($int_if:1)
Shouldn't this be possible with tags?
Thanks for any pointers.
/markus