[src/trunk]: src/share/examples/npf just allow l2tp not regular ipsec.

[christos <christos%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/123cae2c318f
branches:  trunk
changeset: 329515:123cae2c318f
user:      christos <christos%NetBSD.org@localhost>
date:      Tue May 27 23:24:42 2014 +0000

description:
just allow l2tp not regular ipsec.

diffstat:

 share/examples/npf/l2tp_gw-npf.conf |  7 ++-----
 1 files changed, 2 insertions(+), 5 deletions(-)

diffs (17 lines):

diff -r af3c8c721036 -r 123cae2c318f share/examples/npf/l2tp_gw-npf.conf
--- a/share/examples/npf/l2tp_gw-npf.conf       Tue May 27 21:00:46 2014 +0000
+++ b/share/examples/npf/l2tp_gw-npf.conf       Tue May 27 23:24:42 2014 +0000
@@ -60,11 +60,8 @@
        #
        # L2TP/IPSEC-NAT-T Tunnels.
        #
-       pass in final proto udp from any to inet4($ext_if) port isakmp
-       pass in final proto esp from any to inet4($ext_if)
-       pass out final proto esp from any to inet4($ext_if)
-       pass in final proto ah from any to inet4($ext_if)
-       pass in final from any to inet4($ext_if) port "ipsec-nat-t"
+       pass stateful in final from any to inet4($ext_if) port "ipsec-nat-t"
+       pass stateful in final from any to inet4($ext_if) port l2tp
 
        #
        # Pass multicast.