On 04/11/11 23:48, Alexander Hall wrote:
> On 04/11/11 23:34, Matt S wrote:
>> Hello Everyone:
>>
>> I am using 4.8 RELEASE. Given the following pf.conf, would anyone be able to
>> tell me why gre0 is not being skipped?
>>
>> set skip on lo
>> set skip on gre0
>> set skip on enc0
>
> You nee
On 2011-04-11, Matt S wrote:
> Unfortunately, pfctl -sl -v says nothing. So, now I have a ruleset like the one
-sI -v, not -sl -v.
> below. I have added a specific pass statement for the gre protocol. This
> works, however, I fear that it is insecure.
You will need to pass gre, but it d
Unfortunately, pfctl -sl -v says nothing. So, now I have a ruleset like the one
below. I have added a specific pass statement for the gre protocol. This
works, however, I fear that it is insecure.
set skip on {lo, gre0, enc0}
anchor "ftp-proxy/*"
block in all
pass out all
antispoof for tu
On Mon, Apr 11, 2011 at 2:34 PM, Matt S wrote:
> Hello Everyone:
>
> I am using 4.8 RELEASE. Given the following pf.conf, would anyone be able to
> tell me why gre0 is not being skipped?
>
> set skip on lo
> set skip on gre0
> set skip on enc0
pf.conf(5)
how about: set skip on { lo , gre0 , enc
On 2011-04-11, Matt S wrote:
> Hello Everyone:
>
> I am using 4.8 RELEASE. Given the following pf.conf, would anyone be able to
> tell me why gre0 is not being skipped?
>
> set skip on lo
> set skip on gre0
> set skip on enc0
What does pfctl -sI -v say?
Penned by Matt S on 20110411 16:59.09, we have:
| Okay, I did that but apparently I spoke too soon as a tcpdump reveals packets
| are still being blocked. Here is an example from a tcpdump on the pflog0
| interface:
|
| Apr 11 14:57:43.943764 rule 1/(match) block in on tun0: 172.16.254.2 >
| 1
Okay, I did that but apparently I spoke too soon as a tcpdump reveals packets
are still being blocked. Here is an example from a tcpdump on the pflog0
interface:
Apr 11 14:57:43.943764 rule 1/(match) block in on tun0: 172.16.254.2 >
10.40.60.1: icmp: echo request (gre encap)
I guess I need to
DOH! I was following a how-to that showed two separate statements for set skip
on. Works great now! My apologies for the stupid question.
On Mon, Apr 11, 2011 at 2:34 PM, Matt S wrote:
> Hello Everyone:
>
> I am using 4.8 RELEASE. Given the following pf.conf, would anyone be able to
> tell me
On 04/11/11 23:34, Matt S wrote:
> Hello Everyone:
>
> I am using 4.8 RELEASE. Given the following pf.conf, would anyone be able to
> tell me why gre0 is not being skipped?
>
> set skip on lo
> set skip on gre0
> set skip on enc0
You need to combine them, or they override each other.
set skip
Sorry, I forgot to mention that 10.40.65.0 is the remote network trying to
connect to this machine over the GRE tunnel
From: Matt S
To: misc@openbsd.org
Sent: Mon, April 11, 2011 2:34:58 PM
Subject: pf: set skip option
Hello Everyone:
I am using 4.8 RELEASE
Hello Everyone:
I am using 4.8 RELEASE. Given the following pf.conf, would anyone be able to
tell me why gre0 is not being skipped?
set skip on lo
set skip on gre0
set skip on enc0
anchor "ftp-proxy/*"
block in all
pass out all
antispoof for tun0
table persist
table {10.40.60.0/24, 10.40.6