extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-01-05 13:08:50 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add tinc tunnel support

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2015-01-13 13:28:37 -08:00
parent 83431514fb
commit 28ac76bde4
3 changed files with 39 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
Shorewall/Perl/Shorewall/Tunnels.pm
View File

@ -132,6 +132,13 @@ sub setup_tunnels() {
add_tunnel_rule $inchainref, p => 'tcp --dport 1723', @$source add_tunnel_rule $inchainref, p => 'tcp --dport 1723', @$source
} }
sub setup_one_tinc {
my ( $inchainref, $outchainref, $kind, $source, $dest ) = @_;
add_tunnel_rule $inchainref, p => 'udp --dport 655', @$source;
add_tunnel_rule $outchainref, p => 'udp --dport 655', @$dest;
}
sub setup_one_openvpn { sub setup_one_openvpn {
my ($inchainref, $outchainref, $kind, $source, $dest) = @_; my ($inchainref, $outchainref, $kind, $source, $dest) = @_;
@ -154,7 +161,7 @@ sub setup_tunnels() {
} }
add_tunnel_rule $inchainref, p => "$protocol --dport $port", @$source; add_tunnel_rule $inchainref, p => "$protocol --dport $port", @$source;
add_tunnel_rule $outchainref, p => "$protocol --dport $port", @$dest;; add_tunnel_rule $outchainref, p => "$protocol --dport $port", @$dest;
} }
sub setup_one_openvpn_client { sub setup_one_openvpn_client {
@ -263,6 +270,7 @@ sub setup_tunnels() {
'6in4' => { function => \&setup_one_other, params => [ \@source, \@dest , 41 ] } , '6in4' => { function => \&setup_one_other, params => [ \@source, \@dest , 41 ] } ,
'pptpclient' => { function => \&setup_pptp_client, params => [ $kind, \@source, \@dest ] } , 'pptpclient' => { function => \&setup_pptp_client, params => [ $kind, \@source, \@dest ] } ,
'pptpserver' => { function => \&setup_pptp_server, params => [ $kind, \@source, \@dest ] } , 'pptpserver' => { function => \&setup_pptp_server, params => [ $kind, \@source, \@dest ] } ,
'tinc' => { function => \&setup_one_tinc, params => [ $kind, \@source, \@dest ] } ,
'openvpn' => { function => \&setup_one_openvpn, params => [ $kind, \@source, \@dest ] } , 'openvpn' => { function => \&setup_one_openvpn, params => [ $kind, \@source, \@dest ] } ,
'openvpnclient' => { function => \&setup_one_openvpn_client, params => [ $kind, \@source, \@dest ] } , 'openvpnclient' => { function => \&setup_one_openvpn_client, params => [ $kind, \@source, \@dest ] } ,
'openvpnserver' => { function => \&setup_one_openvpn_server, params => [ $kind, \@source, \@dest ] } , 'openvpnserver' => { function => \&setup_one_openvpn_server, params => [ $kind, \@source, \@dest ] } ,

16
Shorewall/manpages/shorewall-tunnels.xml
View File

@ -70,7 +70,8 @@
<emphasis role="bold">openvpn</emphasis> - OpenVPN in point-to-point mode <emphasis role="bold">openvpn</emphasis> - OpenVPN in point-to-point mode
<emphasis role="bold">openvpnclient</emphasis> - OpenVPN client runs on the firewall <emphasis role="bold">openvpnclient</emphasis> - OpenVPN client runs on the firewall
<emphasis role="bold">openvpnserver</emphasis> - OpenVPN server runs on the firewall <emphasis role="bold">openvpnserver</emphasis> - OpenVPN server runs on the firewall
<emphasis role="bold">generic</emphasis> - Other tunnel type</programlisting> <emphasis role="bold">generic</emphasis> - Other tunnel type
<emphasis role="bold">tinc</emphasis> - TINC (added in Shorewall 4.6.6)</programlisting>
<para>If the type is <emphasis role="bold">ipsec</emphasis>, it may <para>If the type is <emphasis role="bold">ipsec</emphasis>, it may
be followed by <emphasis role="bold">:ah</emphasis> to indicate that be followed by <emphasis role="bold">:ah</emphasis> to indicate that
@ -270,6 +271,19 @@
generic:udp:4444 net 4.3.99.124</programlisting> generic:udp:4444 net 4.3.99.124</programlisting>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry>
<term>Example 9:</term>
<listitem>
<para>TINC tunnel where the remote gateways are not specified. If
you wish to specify a list of gateways, you can do so in the GATEWAY
column.</para>
<programlisting> #TYPE ZONE GATEWAY GATEWAY ZONES
tinc net 0.0.0.0/0</programlisting>
</listitem>
</varlistentry>
</variablelist> </variablelist>
</refsect1> </refsect1>

16
Shorewall6/manpages/shorewall6-tunnels.xml
View File

@ -65,7 +65,8 @@
<emphasis role="bold">openvpn</emphasis> - OpenVPN in point-to-point mode <emphasis role="bold">openvpn</emphasis> - OpenVPN in point-to-point mode
<emphasis role="bold">openvpnclient</emphasis> - OpenVPN client runs on the firewall <emphasis role="bold">openvpnclient</emphasis> - OpenVPN client runs on the firewall
<emphasis role="bold">openvpnserver</emphasis> - OpenVPN server runs on the firewall <emphasis role="bold">openvpnserver</emphasis> - OpenVPN server runs on the firewall
<emphasis role="bold">generic</emphasis> - Other tunnel type</programlisting> <emphasis role="bold">generic</emphasis> - Other tunnel type
<emphasis role="bold">tinc</emphasis> - TINC (added in Shorewall 4.6.6)</programlisting>
<para>If the type is <emphasis role="bold">ipsec</emphasis>, it may <para>If the type is <emphasis role="bold">ipsec</emphasis>, it may
be followed by <emphasis role="bold">:ah</emphasis> to indicate that be followed by <emphasis role="bold">:ah</emphasis> to indicate that
@ -229,6 +230,19 @@
generic:udp:4444 net 2001:cec792b4:1::44</programlisting> generic:udp:4444 net 2001:cec792b4:1::44</programlisting>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry>
<term>Example 9:</term>
<listitem>
<para>TINC tunnel where the remote gateways are not specified. If
you wish to specify a list of gateways, you can do so in the GATEWAY
column.</para>
<programlisting> #TYPE ZONE GATEWAY GATEWAY ZONES
tinc net ::/0</programlisting>
</listitem>
</varlistentry>
</variablelist> </variablelist>
</refsect1> </refsect1>