Module Name: src
Committed By: christos
Date: Tue May 27 23:24:42 UTC 2014
Modified Files:
src/share/examples/npf: l2tp_gw-npf.conf
Log Message:
just allow l2tp not regular ipsec.
To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.3 src/share/examples/npf/l2tp_gw-npf.conf
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/share/examples/npf/l2tp_gw-npf.conf
diff -u src/share/examples/npf/l2tp_gw-npf.conf:1.2 src/share/examples/npf/l2tp_gw-npf.conf:1.3
--- src/share/examples/npf/l2tp_gw-npf.conf:1.2 Fri Sep 20 13:51:04 2013
+++ src/share/examples/npf/l2tp_gw-npf.conf Tue May 27 19:24:42 2014
@@ -60,11 +60,8 @@ group "external" on $ext_if {
#
# L2TP/IPSEC-NAT-T Tunnels.
#
- pass in final proto udp from any to inet4($ext_if) port isakmp
- pass in final proto esp from any to inet4($ext_if)
- pass out final proto esp from any to inet4($ext_if)
- pass in final proto ah from any to inet4($ext_if)
- pass in final from any to inet4($ext_if) port "ipsec-nat-t"
+ pass stateful in final from any to inet4($ext_if) port "ipsec-nat-t"
+ pass stateful in final from any to inet4($ext_if) port l2tp
#
# Pass multicast.
