On Mon, 26-Mar-2007 at 02:58:20 +0200, Volker wrote:
> Andrew, Andre & all,
>
> I've checked it out once more (with a corrected setup) and now have
> been able to block traffic on enc0 in both directions (no matter if
> the tunnel endpoint is final destination or not).
Does that mean that a rule

On Mon, Mar 26, 2007 at 02:58:20AM +0200, Volker wrote:
> Andrew, Andre & all,
>
> I've checked it out once more (with a corrected setup) and now have
> been able to block traffic on enc0 in both directions (no matter if
> the tunnel endpoint is final destination or not).
Great. Thanks for lookin

Andrew, Andre & all,
I've checked it out once more (with a corrected setup) and now have
been able to block traffic on enc0 in both directions (no matter if
the tunnel endpoint is final destination or not).
Sorry for my first false posting.
In this test case both machines (tunnel endpoints) are:

Sorry... my experimental setup has had a mistake.
I've re-read my posting and checked everything. What did get my
attention was:
> But incoming traffic still passes:
> rule 29/0(match): pass in on enc0: (tos 0x0, ttl 64, id 58618,
> offset 0, flags [none], proto: ICMP (1), length: 84) 194.180.15

On 03/24/07 19:59, Andrew Thompson wrote:
> On Sat, Mar 24, 2007 at 02:19:46PM +0100, Volker wrote:
>> Andre,
>>
>> On 12/23/-58 20:59, Andre Albsmeier wrote:
>>> [Retrying on -pf...]
>>>
>>> (This is FreeBSD 6.2-STABLE as of yesterday using pf and FAST_IPSEC.)
>>>
>>> Just to make things clear: IP

On Sun, 25-Mar-2007 at 06:59:28 +1200, Andrew Thompson wrote:
> On Sat, Mar 24, 2007 at 02:19:46PM +0100, Volker wrote:
> > Andre,
> >
> > On 12/23/-58 20:59, Andre Albsmeier wrote:
> > > [Retrying on -pf...]
> > >
> > > (This is FreeBSD 6.2-STABLE as of yesterday using pf and FAST_IPSEC.)
> > >

On Sat, 24-Mar-2007 at 14:19:46 +0100, Volker wrote:
> Andre,
>
> On 12/23/-58 20:59, Andre Albsmeier wrote:
> > [Retrying on -pf...]
> >
> > (This is FreeBSD 6.2-STABLE as of yesterday using pf and FAST_IPSEC.)
> >
> > Yesterday I started to play around with enc0 in pf. I hoped I
> > could now