mirror of
https://gitlab.com/shorewall/code.git
synced 2025-01-03 03:59:16 +01:00
Add more config info for OpenVPN
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2859 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep
parent
bca5b8a8ef
commit
5efcf21b43
@ -21,7 +21,7 @@
|
||||
</author>
|
||||
</authorgroup>
|
||||
|
||||
<pubdate>2005-09-30</pubdate>
|
||||
<pubdate>2005-10-12</pubdate>
|
||||
|
||||
<copyright>
|
||||
<year>2003</year>
|
||||
@ -564,28 +564,82 @@ verb 3</programlisting>
|
||||
url="SimpleBridge.html">Simple Bridge documentation</ulink>.</para>
|
||||
|
||||
<section>
|
||||
<title>/etc/shorewall/interfaces</title>
|
||||
<title>Firewall</title>
|
||||
|
||||
<para>Note that the bridge (br0) is defined as the interface to the
|
||||
local zone and has the <emphasis role="bold">routeback</emphasis>
|
||||
option.</para>
|
||||
<section>
|
||||
<title>/etc/shorewall/interfaces</title>
|
||||
|
||||
<programlisting>#ZONE INTERFACE BROADCAST OPTIONS
|
||||
<para>Note that the bridge (br0) is defined as the interface to the
|
||||
local zone and has the <emphasis role="bold">routeback</emphasis>
|
||||
option.</para>
|
||||
|
||||
<programlisting>#ZONE INTERFACE BROADCAST OPTIONS
|
||||
net eth2 206.124.146.255 dhcp,norfc1918,logmartians,blacklist,tcpflags,nosmurfs
|
||||
loc br0 192.168.1.255 dhcp,<emphasis role="bold">routeback</emphasis>
|
||||
dmz eth1 - logmartians
|
||||
Wifi eth0 192.168.3.255 dhcp,maclist
|
||||
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE</programlisting>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>/etc/shorewall/tunnels</title>
|
||||
|
||||
<programlisting>#TYPE ZONE GATEWAY GATEWAY
|
||||
# ZONE
|
||||
openvpnserver:1194 Wifi 192.168.3.0/24
|
||||
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE</programlisting>
|
||||
</section>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>/etc/shorewall/tunnels</title>
|
||||
<title>Tipper</title>
|
||||
|
||||
<programlisting>#TYPE ZONE GATEWAY GATEWAY
|
||||
# ZONE
|
||||
openvpn-server:1194 Wifi 192.168.3.0/24
|
||||
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE</programlisting>
|
||||
<section>
|
||||
<title>/etc/shorewall/zones</title>
|
||||
|
||||
<programlisting>#ZONE IPSEC OPTIONS IN OUT
|
||||
# ONLY OPTIONS OPTIONS
|
||||
<emphasis role="bold">home ipv4</emphasis> #Wired LAN at our home
|
||||
net ipv4
|
||||
#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
|
||||
</programlisting>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>/etc/shorewall/interfaces</title>
|
||||
|
||||
<programlisting>#ZONE INTERFACE BROADCAST OPTIONS
|
||||
#
|
||||
net eth0 detect routefilter,dhcp,tcpflags
|
||||
<emphasis role="bold">home tap0 192.168.1.255</emphasis>
|
||||
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
|
||||
</programlisting>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>/etc/shorewall/policy</title>
|
||||
|
||||
<para>Since we don't expect any traffic between the <emphasis
|
||||
role="bold">net</emphasis> zone and the <emphasis
|
||||
role="bold">home</emphasis> zone, we use NONE policies for that
|
||||
traffic. If any such traffic should occur, it will be handled
|
||||
according to the all->all policy.</para>
|
||||
|
||||
<programlisting>#SOURCE DEST POLICY LOG LIMIT:BURST
|
||||
# LEVEL
|
||||
fw net ACCEPT
|
||||
<emphasis role="bold">fw home ACCEPT
|
||||
home fw ACCEPT
|
||||
net home NONE
|
||||
home net NONE</emphasis>
|
||||
net all DROP info
|
||||
# The FOLLOWING POLICY MUST BE LAST
|
||||
all all REJECT info
|
||||
#LAST LINE -- DO NOT REMOVE
|
||||
</programlisting>
|
||||
</section>
|
||||
</section>
|
||||
</section>
|
||||
</section>
|
||||
|
||||
</article>
|
||||
Loading…
Reference in New Issue
Block a user