PF, The OpenBSD Packet Filter: Building The Network You Need: BSDCan, Ottawa, June 10th 2015
Various VPNs use the esp and gre protocols; also remember isakmp (udp port 500 for key exchange):
pass quick inet proto esp
pass quick inet proto udp to port isakmp # udp port 500 for key exchange
pass quick proto gre
Since we can filter on anything that's in /etc/protocols, you can even have:
pass quick proto l2tp # Layer Two Tunneling Protocol
Note: Your context may require more restrictive criteria
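One way to apply more restrictive criteria to the rules above, as an added example that is not from the original slides: limit the VPN protocols to known peers arriving on the external interface. The interface name `em0`, the table name `vpn_peers` and the addresses (documentation ranges) are assumptions chosen for illustration.

```pf
# Added example, not from the original slides.
# Assumptions: em0 is the external interface; the peer addresses are
# constructed values from the documentation ranges.
ext_if = "em0"
table <vpn_peers> persist { 192.0.2.10, 198.51.100.0/28 }

# Permissive form from the slide: any source, any interface, any direction.
#   pass quick inet proto esp
#   pass quick inet proto udp to port isakmp
#   pass quick proto gre

# Restricted form: only listed peers, only inbound on the external
# interface, only to this host's own address on that interface.
pass in quick on $ext_if inet proto esp from <vpn_peers> to ($ext_if)
pass in quick on $ext_if inet proto udp from <vpn_peers> to ($ext_if) port isakmp
pass in quick on $ext_if inet proto gre from <vpn_peers> to ($ext_if)
```

The ruleset can be syntax-checked without loading it using `pfctl -nf /etc/pf.conf`, and the peer list can be changed at runtime with `pfctl -t vpn_peers -T add <address>`.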