Re: Help npf, only one port opened, but several expected.

[Luis Mendes <luisvmendes%yandex.com@localhost>]

Hello Michael,

Just a top post to thank you, your suggestion worked fine and I'm able
to use NetBSD for the router/firewall, solution that I prefer.


Best regards,

Luís



Em Mon, 22 Sep 2025 19:59:00 -0000 (UTC), mlelstv%serpens.de@localhost (Michael
van Elst) escreveu:

|  luisvmendes%yandex.com@localhost (Luis Mendes) writes:
|  
|  >Maybe I didn't explained correctly.
|  >What I meant is that albeit I had several ports that should be
open, by |  >the rules, only one as detected by a massive scan.
|  >The "should be" is in my understanding only.  
|  
|  Yes. Just saying that a rule with multiple ports or port ranges works
|  for me.
|  
|  
|  >|          # allow known IPSEC traffic
|  >|          pass out final proto udp from $ext_v4 \
|  >|                  port isakmp to $ipsec_peers port isakmp
|  >|          pass in final proto udp from $ipsec_peers \
|  >|                  port isakmp to $ext_v4 port isakmp
|  >|          pass out final proto esp from $ext_v4 to $ipsec_peers
|  >|          pass in final proto esp from $ipsec_peers to $ext_v4  
|  
|  >Regarding the $ipsec_peers, I don't have that information.
|  >Maybe have to use 'any'.  
|  
|  This is just copy and paste from my configuration. For "road warrior"
|  settings with arbitrary IPs, this needs to be 'any'.
|  
|