[email protected] (Luis Mendes) writes:

>Maybe I didn't explain correctly.
>What I meant is that, although I had several ports that should be open by
>the rules, only one was detected by a massive scan.
>The "should be" is in my understanding only.
Yes. Just saying that a rule with multiple ports or port ranges works for me.

>| # allow known IPSEC traffic
>| pass out final proto udp from $ext_v4 \
>|     port isakmp to $ipsec_peers port isakmp
>| pass in final proto udp from $ipsec_peers \
>|     port isakmp to $ext_v4 port isakmp
>| pass out final proto esp from $ext_v4 to $ipsec_peers
>| pass in final proto esp from $ipsec_peers to $ext_v4
>Regarding the $ipsec_peers, I don't have that information.
>Maybe have to use 'any'.

This is just copied and pasted from my configuration. For "road warrior"
settings with arbitrary IPs, this needs to be 'any'.
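As an added example (not the poster's configuration, and not taken from the thread), here is a small npf.conf fragment that puts both points above together: one rule matching a set of ports, one rule matching a port range, and the quoted IPsec rules rewritten for road warriors with 'any' in place of $ipsec_peers. The interface name wm0, the port set, and the extra UDP 4500 (IKE NAT-T) rules are my assumptions; the NAT-T rules are not in the quoted configuration and are only needed when peers sit behind NAT.

```npf
# Added example, not the poster's npf.conf. Assumptions: external interface
# is wm0; the port set and the UDP 4500 (NAT-T) rules are mine.
$ext_if = "wm0"
$ext_v4 = inet4($ext_if)

# A list variable is matched as a set, so one rule covers several ports.
$services_tcp = { ssh, http, https }

group "external" on $ext_if {
	pass stateful out final all

	# One rule, several ports.
	pass stateful in final proto tcp to $ext_v4 port $services_tcp

	# One rule, a port range.
	pass stateful in final proto tcp to $ext_v4 port 49151-65535

	# IPsec for road warriors: peer addresses are not known in advance,
	# so 'any' replaces $ipsec_peers. IKE (isakmp, 500/udp) both ways.
	pass out final proto udp from $ext_v4 port isakmp to any port isakmp
	pass in final proto udp from any port isakmp to $ext_v4 port isakmp

	# IKE NAT-T on 4500/udp (assumed addition, only for peers behind NAT).
	pass out final proto udp from $ext_v4 port 4500 to any port 4500
	pass in final proto udp from any port 4500 to $ext_v4 port 4500

	# ESP both ways. Opening ESP to 'any' is acceptable: the IPsec stack
	# discards ESP packets whose SPI does not belong to an established SA.
	pass out final proto esp from $ext_v4 to any
	pass in final proto esp from any to $ext_v4
}

group default {
	block all
}
```

Check the file with `npfctl validate /etc/npf.conf` before `npfctl reload`. When verifying with a port scan, keep in mind that a pass rule only lets packets through; a scanner reports a passed port as open only if a service is actually listening on it, and as closed (rather than filtered) otherwise, so the rule set and the listening sockets have to be checked separately.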
