pf not checking traffic from tunnels
Bjoern A. Zeeb
bzeeb-lists at lists.zabbadoz.net
Tue May 30 16:22:20 UTC 2017
On 30 May 2017, at 16:17, Kajetan Staszkiewicz wrote:
> Hello,
>
> I have a setup where FreeBSD-based routers serving datacenters are
> connected via gif tunnels which are additionally encrypted using
> transport mode IPsec. Each router runs pf and provides firewalling
> between multiple VLANs. Tunnel interfaces were always trusted, though.
..
> Is there any option to check from userspace if the gif interface has
> pf attached in netpfil hook for incoming traffic? Running tcpdump on
> gif interface correctly shows incoming icmp echo request.
What you want to read is
man 4 enc
I think.
/bz