Bug 213394

Summary: Wrong Firewall Rule for IPSEC Configuration
Product: Documentation
Reporter: Jan Riedinger <riedinger>
Component: Documentation
Assignee: freebsd-doc mailing list <doc>
Status: New
Severity: Affects Some People
CC: riedinger
Priority: ---
Version: Latest
Hardware: Any
OS: Any

Description Jan Riedinger 2016-10-11 21:30:13 UTC
In section "13.7. VPN over IPsec" it is written that you shall configure the Firewall rule "ipfw add 00204 allow log udp from any 500 to any". This opens the Firewall for all incoming udp packets if the source port 500 is used. I don't have much experience with the IPSEC configuration, but because of the instructions which follow for the pf or ipf users I assume the correct rule is "ipfw add 00204 allow log udp from any 500 to any".
Comment 1 Jan Riedinger 2016-10-11 21:32:03 UTC
The correct rule is probably "ipfw add 00204 allow log udp from any 500 to any 500"
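As an added illustration (not part of the bug report or the FreeBSD Handbook), the following Python model parses the two ipfw rules quoted above and applies them to constructed packets. It shows why the documented rule is too broad: it admits any UDP datagram whose sender chose source port 500, whatever the destination port, while the rule proposed in the comment admits only traffic to port 500 (IKE). The parser handles just the rule subset quoted in the report.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    proto: str
    src_port: int
    dst_port: int


@dataclass(frozen=True)
class Rule:
    proto: str
    src_port: Optional[int]  # None means "any"
    dst_port: Optional[int]  # None means "any"

    def matches(self, pkt: Packet) -> bool:
        return (pkt.proto == self.proto
                and (self.src_port is None or pkt.src_port == self.src_port)
                and (self.dst_port is None or pkt.dst_port == self.dst_port))


def parse_ipfw(rule: str) -> Rule:
    """Parse the subset 'ipfw add N allow [log] PROTO from ADDR [PORT] to ADDR [PORT]'."""
    tokens = rule.split()
    if tokens[:2] == ["ipfw", "add"]:
        tokens = tokens[3:]          # drop 'ipfw add <number>'
    if tokens[0] == "allow":
        tokens = tokens[1:]
    if tokens[0] == "log":
        tokens = tokens[1:]
    proto, keyword = tokens[0], tokens[1]
    if keyword != "from" or "to" not in tokens:
        raise ValueError(f"unsupported rule: {rule}")
    split = tokens.index("to")
    src, dst = tokens[2:split], tokens[split + 1:]

    def port(parts):             # [addr] or [addr, port]
        return int(parts[1]) if len(parts) > 1 else None

    return Rule(proto, port(src), port(dst))


# The two rules discussed in the report.
DOC_RULE = parse_ipfw("ipfw add 00204 allow log udp from any 500 to any")
FIXED_RULE = parse_ipfw("ipfw add 00204 allow log udp from any 500 to any 500")

# Constructed sample traffic: a legitimate IKE datagram and an unrelated
# datagram whose sender merely set its source port to 500.
IKE = Packet("udp", 500, 500)
OTHER = Packet("udp", 500, 53)


def admitted(rule: Rule, packets) -> list:
    """Return the packets the rule would allow through."""
    return [p for p in packets if rule.matches(p)]
```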