Building The Network You Need With PF, The OpenBSD Packet Filter: BSDCan 2016, Ottawa, Canada, June 8th 2016
Various VPNs use the esp and gre protocols. Also remember isakmp (udp port 500 for key exchange):
pass quick inet proto esp
pass quick inet proto udp to port isakmp ## udp port 500 for key exchange
pass quick proto gre
Since we filter on anything that's in /etc/protocols, you can even have:
pass quick proto l2tp # Layer Two Tunneling Protocol
Note: Your context may require more restrictive criteria.
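One way to tighten the rules above, as an added example that is not from the original slides: the VPN protocols are passed only on the external interface, only between a known gateway address and a table of known peers, and anything else using those protocols is logged and dropped. The interface name, the macro and table names, and the addresses (documentation ranges) are assumptions.

```pf
# Added example, not from the original slides.
# Assumptions: em0 is the external interface, 192.0.2.10 is the local
# VPN endpoint, and the peer addresses are constructed sample values.
ext_if = "em0"
vpn_gw = "192.0.2.10"
table <vpn_peers> const { 198.51.100.20, 203.0.113.0/28 }

# Broad form from the slide, for comparison: any host, any interface.
#   pass quick inet proto esp
#   pass quick inet proto udp to port isakmp
#   pass quick proto gre

# Restricted form: known peers to the gateway only.
pass in quick on $ext_if inet proto esp from <vpn_peers> to $vpn_gw
pass in quick on $ext_if inet proto gre from <vpn_peers> to $vpn_gw
pass in quick on $ext_if inet proto udp from <vpn_peers> to $vpn_gw port isakmp

# Traffic the gateway itself originates towards those peers.
pass out quick on $ext_if inet proto { esp, gre } from $vpn_gw to <vpn_peers>
pass out quick on $ext_if inet proto udp from $vpn_gw to <vpn_peers> port isakmp

# Everything else using these protocols on the external interface
# is dropped and logged, so unexpected tunnel attempts are visible.
block in log quick on $ext_if inet proto { esp, gre }
block in log quick on $ext_if inet proto udp to $vpn_gw port isakmp
```

Check the syntax with `pfctl -nf` on the file before loading it; the logged drops show up on the pflog interface.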