On 04/11/11 23:48, Alexander Hall wrote:
> On 04/11/11 23:34, Matt S wrote:
>> Hello Everyone:
>>
>> I am using 4.8 RELEASE. Given the following pf.conf, would anyone be able to
>> tell me why gre0 is not being skipped?
>>
>> set skip on lo
>> set skip on gre0
>> set skip on enc0
>
> You nee
On 2011-04-11, Matt S wrote:
> Unfortunately, pfctl -sl -v says nothing. So, now I have a ruleset like the one
-sI -v, not -sl -v.
> below. I have added a specific pass statement for the gre protocol. This
> works, however, I fear that it is insecure.
You will need to pass gre, but it d
Unfortunately, pfctl -sl -v says nothing. So, now I have a ruleset like the one
below. I have added a specific pass statement for the gre protocol. This works,
however, I fear that it is insecure.
set skip on {lo, gre0, enc0}
anchor "ftp-proxy/*"
block in all
pass out all
antispoof for tu
On Mon, Apr 11, 2011 at 2:34 PM, Matt S wrote:
> Hello Everyone:
>
> I am using 4.8 RELEASE. Given the following pf.conf, would anyone be able to
> tell me why gre0 is not being skipped?
>
> set skip on lo
> set skip on gre0
> set skip on enc0
pf.conf(5)
how about: set skip on { lo , gre0 , enc
On 2011-04-11, Matt S wrote:
> Hello Everyone:
>
> I am using 4.8 RELEASE. Given the following pf.conf, would anyone be able to
> tell me why gre0 is not being skipped?
>
> set skip on lo
> set skip on gre0
> set skip on enc0
What does pfctl -sI -v say?
Penned by Matt S on 20110411 16:59.09, we have:
| Okay, I did that but apparently I spoke too soon as a tcpdump reveals packets
| are still being blocked. Here is an example from a tcpdump on the pflog0
| interface:
|
| Apr 11 14:57:43.943764 rule 1/(match) block in on tun0: 172.16.254.2 >
| 1
Okay, I did that but apparently I spoke too soon as a tcpdump reveals packets
are still being blocked. Here is an example from a tcpdump on the pflog0
interface:
Apr 11 14:57:43.943764 rule 1/(match) block in on tun0: 172.16.254.2 >
10.40.60.1: icmp: echo request (gre encap)
I guess I need to
DOH! I was following a how-to that showed two separate statements for set skip
on. Works great now! My apologies for the stupid question.
On Mon, Apr 11, 2011 at 2:34 PM, Matt S wrote:
> Hello Everyone:
>
> I am using 4.8 RELEASE. Given the following pf.conf, would anyone be able to
> tell me
On 04/11/11 23:34, Matt S wrote:
> Hello Everyone:
>
> I am using 4.8 RELEASE. Given the following pf.conf, would anyone be able to
> tell me why gre0 is not being skipped?
>
> set skip on lo
> set skip on gre0
> set skip on enc0
You need to combine them, or they override each other.
set skip
Sorry, I forgot to mention that 10.40.65.0 is the remote network trying to
connect to this machine over the GRE tunnel
From: Matt S
To: misc@openbsd.org
Sent: Mon, April 11, 2011 2:34:58 PM
Subject: pf: set skip option
Hello Everyone:
I am using 4.8 RELEASE.