On 2015-01-11 19:40, Moshe Katz wrote:
> Depending on how complex your rules are, you could also create "negative" versions of them that explicitly block that traffic on all other interfaces except the VPN. (Aliases could help simplify that, but you may or may not actually want to do it, depending on the rule complexity.)

I'd love an option to reject/drop/whatever traffic destined to unavailable gateways; this is far better than leaking the traffic out the wrong gateway for my purposes. However, at the moment it adds a fairly significant amount of overhead to have to duplicate every rule with a "Or else just reject the above..."

It's functional, but a hassle.

--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren


_______________________________________________
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
