On Mon, 26-Mar-2007 at 17:07:47 +1200, Andrew Thompson wrote:
> On Mon, Mar 26, 2007 at 02:58:20AM +0200, Volker wrote:
> > Andrew, Andre & all,
> >
> > I've checked it out once more (with a corrected setup) and now have
> > been able to block traffic on enc0 in both directions (no matter if
> > the tunnel endpoint is final destination or not).
>
> Great. Thanks for looking into it anyway.

Andrew,

I can now confirm Volker's findings for non-GIF-based IPSec tunnels. On GIF-based setups only outgoing packets can be controlled in pf on enc0.

I have filed a PR regarding this issue:
http://www.freebsd.org/cgi/query-pr.cgi?pr=110959

Thanks to all for their help so far,
-Andre
