Add support for PPTP client and server on the Firewall

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@295 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Shorewall/firewall

@@ -1175,7 +1175,23 @@ setup_tunnels() # $1 = name of tunnels file
 	addrule $inchain  -p $3 -s $2 -j ACCEPT
 	addrule $outchain -p $3 -d $2 -j ACCEPT
 
-	echo "   $1 tunnel to $gateway defined."
+	echo "   $1 tunnel to $2 defined."
+    }
+
+    setup_pptp_client() # $1 = gateway
+    {
+	addrule $outchain -p 47               -d $1 -j ACCEPT
+	addrule $outchain -p tcp --dport 1723 -d $1 -j ACCEPT
+
+	echo "   PPTP tunnel to $1 defined."
+    }
+
+    setup_pptp_server()
+    {
+	addrule $inchain -p 47               -j ACCEPT
+	addrule $inchain -p tcp --dport 1723 -j ACCEPT
+
+	echo "   PPTP server defined."
     }
 
     strip_file tunnels $1
@@ -1199,6 +1215,12 @@ setup_tunnels() # $1 = name of tunnels file
 		gre|GRE)
 		    setup_one_other GRE $gateway 47
 		    ;;
+		pptpclient|PPTPCLIENT)
+		    setup_pptp_client $gateway
+		    ;;
+		pptpserver|PPTPSERVER)
+		    setup_pptp_server
+		    ;;
 		*)
 		    error_message "Tunnels of type $kind are not supported:" \
 			"Tunnel \"$tunnel\" Ignored"

Shorewall/tunnels

@@ -10,7 +10,7 @@
 #	The columns are:
 #
 #	TYPE	    --	must start in column 1 and be "ipsec", "ipsecnat","ip"
-#			or "gre"
+#			"gre","pptpclient" or "pptpserver"
 #
 #	ZONE	    --	The zone of the physical interface through which
 #			tunnel traffic passes. This is normally your internet
@@ -58,5 +58,18 @@
 #
 #			ipsec	net	0.0.0.0/0	vpn1,vpn2,vpn3
 #
-# TYPE		ZONE	GATEWAY		GATEWAY ZONE
+#		Example 5:
+#
+#			You run the Linux PPTP client on your firewall and
+#			connect to server 192.0.2.221.
+#
+#			pptpclient	net	192.0.2.221
+#
+#		Example 6:
+#
+#			You run a PPTP server on your firewall.
+#
+#			pptpserver	net
+#
+# TYPE			ZONE	GATEWAY		GATEWAY ZONE
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE