From d2139f3aa4aaf1e5e623c255a4683b5d17712722 Mon Sep 17 00:00:00 2001
From: Jason McIntyre <jmc@cvs.openbsd.org>
Date: Wed, 13 Sep 2006 11:40:02 +0000
Subject: use "proto ipencap" for the gateway filter rules; pointed out by msf;
 explained by markus

---
 sbin/ipsecctl/ipsec.conf.5 | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'sbin/ipsecctl')

diff --git a/sbin/ipsecctl/ipsec.conf.5 b/sbin/ipsecctl/ipsec.conf.5
index 7edbfeea916..74850c09d7b 100644
--- a/sbin/ipsecctl/ipsec.conf.5
+++ b/sbin/ipsecctl/ipsec.conf.5
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: ipsec.conf.5,v 1.92 2006/09/12 15:20:58 jmc Exp $
+.\"	$OpenBSD: ipsec.conf.5,v 1.93 2006/09/13 11:40:01 jmc Exp $
 .\"
 .\" Copyright (c) 2004 Mathieu Sauve-Frankel  All rights reserved.
 .\"
@@ -688,8 +688,8 @@ and networks 10.0.1.0/24 and 10.0.2.0/24,
 are permitted.
 .Bd -literal -offset indent
 block on enc0
-pass in on enc0 from 192.168.3.2 to 192.168.3.1
-pass out on enc0 from 192.168.3.1 to 192.168.3.2
+pass in on enc0 proto ipencap from 192.168.3.2 to 192.168.3.1
+pass out on enc0 proto ipencap from 192.168.3.1 to 192.168.3.2
 pass in on enc0 from 10.0.2.0/24 to 10.0.1.0/24
 pass out on enc0 from 10.0.1.0/24 to 10.0.2.0/24
 .Ed
-- 
cgit v1.2.3