[Openswan Users] l2tp firewall kernel 26

Brett Curtis dashnu at gmail.com
Tue Jun 28 11:53:31 CEST 2005

EXTIF=eth0  external interface

# Output l2tp traffic
$IPT -N allow-l2tp-traffic-out
$IPT -F allow-l2tp-traffic-out
$IPT -A allow-l2tp-traffic-out -s $EXTIP -p udp -m udp --sport 1701 \

this should be applied to your output chain only. 

Note: i use a default DROP all policy.

You can look at it if ya want.. It is my first draft so it is a mess :O
Works ok for now but I am just learning iptables.


On 6/28/05, sasa <sasa at shoponweb.it> wrote:
> "Brett Curtis" wrote:
> ># External Input VPN Access
> >$IPT -N external-vpn-traffic
> >$IPT -F external-vpn-traffic
> >$IPT -A external-vpn-traffic -i $EXTIF -m mark --mark 1 -j ACCEPT
> >$IPT -A external-vpn-traffic -d $EXTIP -p udp -m udp --dport 500 \
> >  -j ACCEPT
> >$IPT -A external-vpn-traffic -p esp -j ACCEPT
> I think that EXTIP is the pubblic IP on eth0 (public interface on fw/vpn bix) but what's the EXTIF ??
> still thanks.
>         Salvatore.

More information about the Users mailing list