Add more config info for OpenVPN

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2859 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2025-01-03 03:59:16 +01:00 · 2005-10-12 15:25:01 +00:00 · 2005-10-12 15:25:01 +00:00 · 5efcf21b43
commit 5efcf21b43
parent bca5b8a8ef
1 changed files with 82 additions and 28 deletions
--- a/Shorewall-docs2/OPENVPN.xml
+++ b/Shorewall-docs2/OPENVPN.xml
@ -21,7 +21,7 @@
      </author>
    </authorgroup>

-    <pubdate>2005-09-30</pubdate>
+    <pubdate>2005-10-12</pubdate>

    <copyright>
      <year>2003</year>
@ -563,6 +563,9 @@ verb 3</programlisting>
      configuration of the bridge then becomes as described in the <ulink
      url="SimpleBridge.html">Simple Bridge documentation</ulink>.</para>

+      <section>
+        <title>Firewall</title>
+
        <section>
          <title>/etc/shorewall/interfaces</title>

@ -583,9 +586,60 @@ Wifi    eth0            192.168.3.255           dhcp,maclist

          <programlisting>#TYPE                   ZONE    GATEWAY         GATEWAY
 #                                               ZONE
-openvpn-server:1194     Wifi    192.168.3.0/24
+openvpnserver:1194      Wifi    192.168.3.0/24
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE</programlisting>
        </section>
      </section>
+
+      <section>
+        <title>Tipper</title>
+
+        <section>
+          <title>/etc/shorewall/zones</title>
+
+          <programlisting>#ZONE   IPSEC   OPTIONS                 IN                      OUT
+#       ONLY                            OPTIONS                 OPTIONS
+<emphasis role="bold">home    ipv4</emphasis>    #Wired LAN at our home
+net     ipv4
+#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
+</programlisting>
        </section>
+
+        <section>
+          <title>/etc/shorewall/interfaces</title>
+
+          <programlisting>#ZONE    INTERFACE      BROADCAST       OPTIONS
+#
+net     eth0            detect          routefilter,dhcp,tcpflags
+<emphasis role="bold">home    tap0            192.168.1.255</emphasis>
+#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
+</programlisting>
+        </section>
+
+        <section>
+          <title>/etc/shorewall/policy</title>
+
+          <para>Since we don't expect any traffic between the <emphasis
+          role="bold">net</emphasis> zone and the <emphasis
+          role="bold">home</emphasis> zone, we use NONE policies for that
+          traffic. If any such traffic should occur, it will be handled
+          according to the all-&gt;all policy.</para>
+
+          <programlisting>#SOURCE         DEST            POLICY          LOG             LIMIT:BURST
+#                                               LEVEL
+fw              net             ACCEPT
+<emphasis role="bold">fw              home            ACCEPT
+home            fw              ACCEPT
+net             home            NONE
+home            net             NONE</emphasis>
+net             all             DROP            info
+# The FOLLOWING POLICY MUST BE LAST
+all             all             REJECT          info
+#LAST LINE -- DO NOT REMOVE
+</programlisting>
+        </section>
+      </section>
+    </section>
+  </section>
+
 </article>