Add L2TP Tunnel support

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@8273 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2008-03-08 20:49:41 +00:00
parent 1e7c0d0947
commit fcea8abc60
3 changed files with 18 additions and 0 deletions


@ -4,6 +4,8 @@ Changes in 4.1.6
2) Add REDIRECTED INTERFACES column to tcdevices.
3) Add L2TP tunnel support.
Changes in 4.1.5
1) More ruleset optimization.


@ -91,6 +91,12 @@ New Features in 4.1.6.
This support should be considered EXPERIMENTAL.
3) Shorewall-perl now supports an 'l2tp' tunnel type. It opens UDP
port 1701 in both directions and assumes that the source port will
also be 1701. Some implementations (particularly OS X) use a
different source port. In that case, you should use
'generic:udp:1701' rather than 'l2tp'.
New Features in Shorewall 4.1.
1) Shorewall 4.1 contains support for multiple Internet providers


@ -206,6 +206,15 @@ sub setup_tunnels() {
add_rule $outchainref, "-p $protocol $dest --sport $port -j ACCEPT";
}
sub setup_one_l2tp {
my ($inchainref, $outchainref, $kind, $source, $dest) = @_;
fatal_error "Unknown option ($1)" if $kind =~ /^.*?:(.*)$/;
add_rule $inchainref, "-p udp $source --sport 1701 --dport 1701 -j ACCEPT";
add_rule $outchainref, "-p udp $dest --sport 1701 --dport 1701 -j ACCEPT";
}
sub setup_one_generic {
my ($inchainref, $outchainref, $kind, $source, $dest) = @_;
@ -249,6 +258,7 @@ sub setup_tunnels() {
'openvpn' => { function => \&setup_one_openvpn, params => [ $kind, $source, $dest ] } ,
'openvpnclient' => { function => \&setup_one_openvpn_client, params => [ $kind, $source, $dest ] } ,
'openvpnserver' => { function => \&setup_one_openvpn_server, params => [ $kind, $source, $dest ] } ,
'l2tp' => { function => \&setup_one_l2tp , params => [ $kind, $source, $dest ] } ,
'generic' => { function => \&setup_one_generic , params => [ $kind, $source, $dest ] } ,
);
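Review bot: The two rules added in setup_one_l2tp accept UDP 1701 unconditionally for the tunnel's `$source`/`$dest`, and nothing in the sub says that L2TP itself provides no confidentiality or peer authentication. Where the tunnel is meant to be L2TP over IPsec, these rules as written would also admit L2TP that arrived outside IPsec unless that is restricted elsewhere in the configuration, which is not visible here. I would document that above the sub, e.g. `# Plain L2TP: accepts udp 1701 -> 1701 for the gateway with no IPsec requirement; protect the tunnel separately if L2TP/IPsec is intended.` The `--sport 1701` match is best described as a compatibility assumption rather than a filter, since the remote end picks its own source port. The dispatch-table entry belongs to setup_tunnels, whose body starts and ends outside the hunks.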