In addition to pass encapsulated traffic by the rules below:
pass in log inet proto {ipencap, encap, etherip} from any to any keep state
(if-bound)
pass out log inet proto {ipencap, encap, etherip} from any to any keep state
(if-bound)
I set incoming rule for ICMP traffic pass from tun0 and gif
Some updates
ipv6-icmp for both ends with IPv6 addresses works well even without 'set skip':
pass in on tun0 inet6 proto ipv6-icmp all icmp6-type {toobig, echoreq} keep
state
So it confirmed filtering for IPv6 is working for tun0, but do not work for
IPv4 encapsulated for some reason.
Please
Hello list,
IPv4 encapsulated traffic always hit rule:
block log (all, to pflog0)
If I set in pf.conf on both tunnel sides:
set skip on {tun0, gif0}
I can ping both IPv4 tunnel ends, but rdr-to rules don't work for IPv4
encapsulated packets this way.
I've tried to allow encap protocol right
3 matches
Mail list logo
