[164724] in North American Network Operators' Group
Re: which firewall product?
daemon@ATHENA.MIT.EDU (Michael Brown)
Tue Jul 30 16:19:54 2013
Date: Tue, 30 Jul 2013 16:19:34 -0400
From: Michael Brown <michael@supermathie.net>
To: Charles N Wyble <charles-lists@knownelement.com>
In-Reply-To: <0a63d3fc-4506-41ce-90f5-e38402f68b8a@email.android.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
In the pfSense UI, you create the physical interface as a GRE tunnel
then assign it to a logical interface against which you can apply the
firewall rules:
The screenshot is a GIF IPv6 he.net tunnel (this is 2.1RC0) but it works
the same way on 2.0.1.
Works great!
M.
On 13-07-30 04:10 PM, Charles N Wyble wrote:
> Not sure how bsd handles ipip connections. If it breaks them out as a dedicated interface (like it does for openvpn connections) , then rules can be applied and pfsense would be quite useful. The UI is very simple.
--
Michael Brown | The true sysadmin does not adjust his behaviour
Systems Administrator | to fit the machine. He adjusts the machine
michael@supermathie.net | until it behaves properly. With a hammer,
| if necessary. - Brian
