Add L2TP Tunnel support

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@8273 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2024-11-09 01:04:06 +01:00 · 2008-03-08 20:49:41 +00:00 · 2008-03-08 20:49:41 +00:00 · fcea8abc60
commit fcea8abc60
parent 1e7c0d0947
3 changed files with 18 additions and 0 deletions
--- a/Shorewall-common/changelog.txt
+++ b/Shorewall-common/changelog.txt
@ -4,6 +4,8 @@ Changes in 4.1.6

 2)  Add REDIRECTED INTERFACES column to tcdevices.

+3)  Add L2TP tunnel support.
+
 Changes in 4.1.5

 1)  More ruleset optimization.
--- a/Shorewall-common/releasenotes.txt
+++ b/Shorewall-common/releasenotes.txt
@ -91,6 +91,12 @@ New Features in 4.1.6.

    This support should be considered EXPERIMENTAL.

+3)  Shorewall-perl now supports an 'l2tp' tunnel type. It opens UDP
+    port 1701 in both directions and assumes that the source port will
+    also be 1701. Some implementations (particularly OS X) use a
+    different source port. In that case, you should use
+    'generic:udp:1701' rather than 'l2tp'.
+
 New Features in Shorewall 4.1.

 1)  Shorewall 4.1 contains support for multiple Internet providers
--- a/Shorewall-perl/Shorewall/Tunnels.pm
+++ b/Shorewall-perl/Shorewall/Tunnels.pm
@ -206,6 +206,15 @@ sub setup_tunnels() {
 	add_rule $outchainref, "-p $protocol $dest --sport $port -j ACCEPT";
    }

+    sub setup_one_l2tp {
+	my ($inchainref, $outchainref, $kind, $source, $dest) = @_;
+
+	fatal_error "Unknown option ($1)" if $kind =~ /^.*?:(.*)$/;
+
+	add_rule $inchainref,  "-p udp $source --sport 1701 --dport 1701 -j ACCEPT";
+	add_rule $outchainref, "-p udp $dest   --sport 1701 --dport 1701 -j ACCEPT";
+    }
+
    sub setup_one_generic {
 	my ($inchainref, $outchainref, $kind, $source, $dest) = @_;

@ -249,6 +258,7 @@ sub setup_tunnels() {
 			    'openvpn'       => { function => \&setup_one_openvpn,        params   => [ $kind, $source, $dest ] } ,
 			    'openvpnclient' => { function => \&setup_one_openvpn_client, params   => [ $kind, $source, $dest ] } ,
 			    'openvpnserver' => { function => \&setup_one_openvpn_server, params   => [ $kind, $source, $dest ] } ,
+			    'l2tp'          => { function => \&setup_one_l2tp ,          params   => [ $kind, $source, $dest ] } ,
 			    'generic'       => { function => \&setup_one_generic ,       params   => [ $kind, $source, $dest ] } ,
 			  );