[Openswan Users] l2tp firewall kernel 26
Brett Curtis
dashnu at gmail.com
Tue Jun 28 11:53:31 CEST 2005
EXTIF=eth0   # external interface
# Output l2tp traffic
$IPT -N allow-l2tp-traffic-out
$IPT -F allow-l2tp-traffic-out
$IPT -A allow-l2tp-traffic-out -s $EXTIP -p udp -m udp --sport 1701 \
-j ACCEPT
This should be applied to your output chain only.
Note: I use a default DROP all policy.
You can look at it if ya want.. It is my first draft so it is a mess :O
http://teh.sh.nu/scripts/firewall.stable.1
Works ok for now but I am just learning iptables.
Brett
On 6/28/05, sasa <sasa at shoponweb.it> wrote:
> "Brett Curtis" wrote:
>
> ># External Input VPN Access
> >$IPT -N external-vpn-traffic
> >$IPT -F external-vpn-traffic
> >$IPT -A external-vpn-traffic -i $EXTIF -m mark --mark 1 -j ACCEPT
> >$IPT -A external-vpn-traffic -d $EXTIP -p udp -m udp --dport 500 \
> > -j ACCEPT
> >$IPT -A external-vpn-traffic -p esp -j ACCEPT
>
> I think that EXTIP is the public IP on eth0 (public interface on fw/vpn box) but what's the EXTIF??
> still thanks.
>
> Salvatore.
>
>