diff options
| author | Jason McIntyre <jmc@cvs.openbsd.org> | 2006-10-19 08:52:26 +0000 |
|---|---|---|
| committer | Jason McIntyre <jmc@cvs.openbsd.org> | 2006-10-19 08:52:26 +0000 |
| commit | a90aef50ca13ee559b717d77291ab956ddfaf536 (patch) | |
| tree | 93f16702021f7f9216c5cc3407d47f08b25bd791 /share/man | |
| parent | 9b9881aca8ee8869e15aa75129646d07753fc3cc (diff) | |
note that all rules using enc0 should specify: keep state (if-bound)
Diffstat (limited to 'share/man')
| -rw-r--r-- | share/man/man4/enc.4 | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/share/man/man4/enc.4 b/share/man/man4/enc.4 index eaf60bac152..f517d6858e1 100644 --- a/share/man/man4/enc.4 +++ b/share/man/man4/enc.4 @@ -1,4 +1,4 @@ -.\" $OpenBSD: enc.4,v 1.22 2006/05/26 08:51:29 jmc Exp $ +.\" $OpenBSD: enc.4,v 1.23 2006/10/19 08:52:25 jmc Exp $ .\" .\" Copyright (c) 1999 Angelos D. Keromytis .\" All rights reserved. @@ -64,6 +64,13 @@ and all IPsec traffic could be seen by invoking on the .Dq enc0 interface. +Filter rules on the enc0 interface should explicitly set +.Dq keep state (if-bound) . +See +.Xr pf.conf 5 +and +.Xr ipsec.conf 5 +for more information on filtering IPsec traffic. .Sh EXAMPLES To see all outgoing packets before they have been processed via .Xr ipsec 4 , @@ -76,4 +83,6 @@ or all incoming packets after they have been similarly processed: .Xr ipsec 4 , .Xr netintro 4 , .Xr pf 4 , +.Xr ipsec.conf 5 , +.Xr pf.conf 5 , .Xr tcpdump 8 |