On 16/02/12 11:36, Raven wrote:
> I probably should have mentioned this earlier, but my predecessor left
> me with a firewall script that, when launched, locks me out of the
> server.

I would recommend having a look at Shorewall rather than wrestle with iptables scripts.

Use the files in /usr/share/doc/shorewall/examples/one-interface as the base, check /usr/share/shorewall for macro.<proto> files and add them to the rules.

Copy the files into /etc/shorewall/ and make the changes:

interfaces: change eth0 to venet0, add tap0 in zone 'vpn' for openvpn (or a tun, bridge etc, whatever you're using)

policy: add 'vpn $FW ACCEPT', and possibly '$FW vpn ACCEPT'

rules: look in /usr/share/shorewall/ for macro files and define them like this: (SSH)ACCEPT net $FW ...

zones: add 'vpn' zone here type ipv4

That's it, then on the command line 'shorewall' lets you control it, don't forget to edit /etc/default/shorewall if you want it to start at boot (once you know the rules are sound of course)

If you have a go with this and have problems post your config, and I'll try to help.

Regards
Jon
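
The file edits described in the message above, as an added example that is not part of the original message: a shell function that writes the four files to a staging directory so they can be validated with `shorewall check` before anything under /etc/shorewall changes. The staging path, the policy log levels and the `SSH(ACCEPT)` macro form (as used in Shorewall's shipped sample rules) are assumptions.

```shell
#!/bin/sh
# Added example: stage the edited files outside /etc/shorewall first.
# venet0, tap0 and zone 'vpn' come from the message; the rest follows the
# one-interface sample layout and is an assumption.
# Usage: stage_shorewall_config /root/sw-stage && check_staged_config /root/sw-stage
stage_shorewall_config() {
    dir=$1
    mkdir -p "$dir" || return 1

    # zones: the firewall itself, the internet side, the OpenVPN side
    cat > "$dir/zones" <<'EOF'
#ZONE   TYPE
fw      firewall
net     ipv4
vpn     ipv4
EOF
    # interfaces: venet0 replaces eth0, tap0 is placed in zone 'vpn'
    cat > "$dir/interfaces" <<'EOF'
#ZONE   INTERFACE
net     venet0
vpn     tap0
EOF
    # policy: specific zone pairs first, catch-all REJECT last
    cat > "$dir/policy" <<'EOF'
#SOURCE DEST    POLICY  LOGLEVEL
$FW     net     ACCEPT
vpn     $FW     ACCEPT
$FW     vpn     ACCEPT
net     all     DROP    info
all     all     REJECT  info
EOF
    # rules: keep SSH reachable from zone 'net' via the shipped SSH macro
    cat > "$dir/rules" <<'EOF'
#ACTION         SOURCE  DEST
SSH(ACCEPT)     net     $FW
EOF
}

check_staged_config() {
    # 'shorewall check DIR' validates the staged files without loading them
    if command -v shorewall >/dev/null 2>&1; then
        shorewall check "$1"
    else
        echo "shorewall not found; staged files are in $1" >&2
        return 1
    fi
}
```

Once the check passes, `shorewall try <directory> <timeout>` applies the staged configuration and reverts to the previous one after the timeout, which guards against the lockout described in the quoted message.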

