Hello Michael,

Just a top post to thank you; your suggestion worked fine and I'm able to use NetBSD for the router/firewall, the solution that I prefer.

Best regards,
Luís

On Mon, 22 Sep 2025 19:59:00 -0000 (UTC), [email protected] (Michael van Elst) wrote:
| [email protected] (Luis Mendes) writes:
|
| >Maybe I didn't explain correctly.
| >What I meant is that albeit I had several ports that should be open, by
| >the rules, only one was detected by a massive scan.
| >The "should be" is in my understanding only.
|
| Yes. Just saying that a rule with multiple ports or port ranges works
| for me.
|
|
| >| # allow known IPSEC traffic
| >| pass out final proto udp from $ext_v4 \
| >|     port isakmp to $ipsec_peers port isakmp
| >| pass in final proto udp from $ipsec_peers \
| >|     port isakmp to $ext_v4 port isakmp
| >| pass out final proto esp from $ext_v4 to $ipsec_peers
| >| pass in final proto esp from $ipsec_peers to $ext_v4
|
| >Regarding the $ipsec_peers, I don't have that information.
| >Maybe have to use 'any'.
|
| This is just copy and paste from my configuration. For "road warrior"
| settings with arbitrary IPs, this needs to be 'any'.
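As an added example (not from Michael's or Luís's messages), here is the quoted rule set placed in a complete npf.conf group, showing where the peer set is defined for the site-to-site case and what to change for road warriors. The interface name wm0, the peer addresses and the NAT-T rules are assumptions, not part of the thread.

```conf
# Constructed npf.conf fragment (added example, not from the thread).
# Assumptions: external interface is wm0; peer addresses are placeholders.
$ext_if = "wm0"
$ext_v4 = inet4(wm0)

# Known peers (site-to-site): limit IKE and ESP to this set.
$ipsec_peers = { 192.0.2.10, 198.51.100.20 }
# Road warriors with arbitrary client IPs: write 'any' in place of
# $ipsec_peers in the rules below; peer identity then rests on IKE
# authentication rather than on the source address.

group "external" on $ext_if {
    # IKE (ISAKMP, udp/500), both directions, as in the quoted rules
    pass out final proto udp from $ext_v4 port isakmp to $ipsec_peers port isakmp
    pass in final proto udp from $ipsec_peers port isakmp to $ext_v4 port isakmp
    # ESP carries the encrypted payload; it has no ports, so match protocol only
    pass out final proto esp from $ext_v4 to $ipsec_peers
    pass in final proto esp from $ipsec_peers to $ext_v4
    # NAT-T (udp/4500) for clients behind NAT; not part of the original rules
    pass out final proto udp from $ext_v4 port 4500 to $ipsec_peers port 4500
    pass in final proto udp from $ipsec_peers port 4500 to $ext_v4 port 4500
}

group default {
    pass final on lo0 all
    block all
}
```

Run `npfctl validate /etc/npf.conf` to check the syntax before `npfctl reload`.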
