NetBSD-Users archive
Re: Help npf, only one port opened, but several expected.
luisvmendes%yandex.com@localhost (Luis Mendes) writes:
>Maybe I didn't explain correctly.
>What I meant is that albeit I had several ports that should be open, by
>the rules, only one as detected by a massive scan.
>The "should be" is in my understanding only.

Yes. Just saying that a rule with multiple ports or port ranges works
for me.

>| # allow known IPSEC traffic
>| pass out final proto udp from $ext_v4 \
>| port isakmp to $ipsec_peers port isakmp
>| pass in final proto udp from $ipsec_peers \
>| port isakmp to $ext_v4 port isakmp
>| pass out final proto esp from $ext_v4 to $ipsec_peers
>| pass in final proto esp from $ipsec_peers to $ext_v4
>Regarding the $ipsec_peers, I don't have that information.
>Maybe have to use 'any'.

This is just copy and paste from my configuration. For "road warrior"
settings with arbitrary IPs, this needs to be 'any'.