In message "pf tagging and matching over more than one interface ..."
   on 11.11.2005, David fire <[EMAIL PROTECTED]> writes:

Df> you only tag the package to port 1194 in both cases and you are allowing only
Df> tagged packages to ports 22, 80, 443

Port 1194 on wan_if is handled by openvpn.
Then the data will be redirected to the
tun interface and there I'll filter the
traffic.

Sorry, I didn't explain enough.

Df> 2005/11/11, Karl-Heinz Wild <[EMAIL PROTECTED]>:
>>
>> I try to tag a connection on the wan_if and
>> accordingly on the tag I'll restrict the
>> access on another interface like.
>>
>> an example ...
>>
>> pass in quick on wan_if proto tcp from <nuser> to port 1194 tag NORM keep state
>> pass in quick on wan_if proto tcp from <puser> to port 1194 tag POWER keep state
>>
>> pass in quick on tun_if to port { 80, 443 } tagged NORM keep state
>> pass in quick on tun_if to port { 22, 80, 443 } tagged POWER keep state
>>
>> ...
>>
>> but I don't know why. It doesn't work.
>> I thought that works.
>>
>> I ask for advice.
>> Thanks
>>
>> Karl-Heinz
