Re: Help npf, only one port opened, but several expected.

To: netbsd-users%netbsd.org@localhost
Subject: Re: Help npf, only one port opened, but several expected.
From: mlelstv%serpens.de@localhost (Michael van Elst)
Date: Mon, 22 Sep 2025 19:59:00 -0000 (UTC)

luisvmendes%yandex.com@localhost (Luis Mendes) writes:

>Maybe I didn't explained correctly.
>What I meant is that albeit I had several ports that should be open, by
>the rules, only one as detected by a massive scan.
>The "should be" is in my understanding only.

Yes. Just saying that a rule with multiple ports or port ranges works
for me.


>|          # allow known IPSEC traffic
>|          pass out final proto udp from $ext_v4 \
>|                  port isakmp to $ipsec_peers port isakmp
>|          pass in final proto udp from $ipsec_peers \
>|                  port isakmp to $ext_v4 port isakmp
>|          pass out final proto esp from $ext_v4 to $ipsec_peers
>|          pass in final proto esp from $ipsec_peers to $ext_v4

>Regarding the $ipsec_peers, I don't have that information.
>Maybe have to use 'any'.

This is just copy and paste from my configuration. For "road warrior"
settings with arbitrary IPs, this needs to be 'any'.

Follow-Ups:
- Re: Help npf, only one port opened, but several expected.
  - From: Luis Mendes

References:
- Help npf, only one port opened, but several expected.
  - From: Luis Mendes
- Re: Help npf, only one port opened, but several expected.
  - From: Michael van Elst
- Re: Help npf, only one port opened, but several expected.
  - From: Luis Mendes

Prev by Date: Re: /dev/ulpt0 printing [solved]
Next by Date: Re: 11 beta `make release' fails at makestrs.c
Previous by Thread: Re: Help npf, only one port opened, but several expected.
Next by Thread: Re: Help npf, only one port opened, but several expected.
Indexes:

Home | Main Index | Thread Index | Old Index