author Dante Catalfamo 2020-08-16 22:17:20 -0400
committer Dante Catalfamo 2020-08-16 22:17:20 -0400
commit b99f05c396f655b79dd988cc9ef231ad185ad85b
tree 051e8a80b8b749ad15f036513a1ccef4afdad378 /content/posts/openbsd-vpn-gateway/index.org
parent d69a1482c9c27c2f285153391b97209891e97786
gateway: write more about verifying and applying the new config
Diffstat (limited to 'content/posts/openbsd-vpn-gateway/index.org')
-rw-r--r-- content/posts/openbsd-vpn-gateway/index.org 16
1 files changed, 15 insertions, 1 deletions
diff --git a/content/posts/openbsd-vpn-gateway/index.org b/content/posts/openbsd-vpn-gateway/index.org
index e2bcf9b..f77b6f8 100644
--- a/content/posts/openbsd-vpn-gateway/index.org
+++ b/content/posts/openbsd-vpn-gateway/index.org
@@ -356,4 +356,18 @@
updated. This way pf is always using the IP address currently
assigned to the interface, even if it changes.
- - =pass out on $vpn_if= Pass packets out on the OpenVPN interface.
+ - =pass out on $vpn_if= Pass packets out on the VPN tunnel interface
+ interface.
+
+ After writing new PF rules, we can check our file for syntax errors
+ before loading it using the =pfctl= command.
+
+ #+BEGIN_SRC shell
+ doas pfctl -nf /etc/pf.conf
+ #+END_SRC
+
+ Assuming there are no errors, we can then load the rule set.
+
+ #+BEGIN_SRC shell
+ dosa pfctl -f /etc/pf.conf
+ #+END_SRC
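
Review bot: the command in the second added source block is misspelled as `dosa pfctl -f /etc/pf.conf`; it should be `doas`, matching the syntax-check block above it. A reader who copies it gets a command-not-found error and the new rule set is never loaded. Separately, the rewritten list item wraps as "VPN tunnel interface" followed by "interface." on the next added line, so the rendered text repeats the word; drop the second one. It may also be worth stating in the first added paragraph that `-n` only parses the file and does not load it, since that is the reason the load step follows as a separate command.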