Bas van Schaik <[email protected]> wrote:
> Whenever I'm travelling:
> 1) route all traffic over VPN (that's easy enough - not a Shorewall
> challenge)
> 2) enforce (1) using Shorewall by rejecting all traffic from $FW to my
> 'net' zone (except to VPN server), to avoid leaking of information when
> the VPN client is down. Traffic to the 'vpn' zone should be allowed.
>
> Whenever I'm at home (to my trusted SSID, or using my trusted router),
> I'd like to:
> 1) only route VPN-specific traffic through VPN (again: easy enough)
> 2) allow all traffic from $FW to anywhere

I'm not familiar with the details of WLAN clients etc., but could this be handled in IF Up/Down scripts? I.e., when you connect to your home WiFi network, the ifup script sets up Shorewall for that, otherwise it loads your travelling config.

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
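
A sketch of the if-up approach suggested in the reply, as an added example that is not part of the original thread. The SSID, access point MAC and the two configuration directories are placeholders assumed for illustration; the script would be installed under Debian's `/etc/network/if-up.d/`, and any network that does not match gets the restrictive travelling configuration.

```shell
#!/bin/sh
# Added example: pick a Shorewall configuration directory when an interface comes up.
# All four values below are assumptions for illustration, not taken from the thread.
HOME_SSID="example-home"              # placeholder SSID of the trusted network
HOME_BSSID="02:00:00:aa:bb:cc"        # placeholder MAC of the trusted access point
CONF_HOME="/etc/shorewall-home"       # hypothetical dir: $FW -> anywhere allowed
CONF_TRAVEL="/etc/shorewall-travel"   # hypothetical dir: $FW -> net rejected except VPN server

# Print the configuration directory for an SSID/BSSID pair.
# Fail closed: an empty, unknown or partially matching pair selects the
# travelling config. An SSID alone is easy to imitate, so the AP MAC is
# compared too; neither value authenticates the network.
select_config() {
    ssid=$1
    bssid=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    want=$(printf '%s' "$HOME_BSSID" | tr 'A-F' 'a-f')
    if [ -n "$ssid" ] && [ "$ssid" = "$HOME_SSID" ] && [ "$bssid" = "$want" ]; then
        printf '%s\n' "$CONF_HOME"
    else
        printf '%s\n' "$CONF_TRAVEL"
    fi
}

# Query the wireless interface and restart Shorewall from the chosen directory.
# If iwgetid fails (wired link, no association) both values stay empty,
# which again selects the travelling config.
apply_config() {
    iface=$1
    ssid=$(iwgetid "$iface" --raw 2>/dev/null) || ssid=""
    bssid=$(iwgetid "$iface" --ap --raw 2>/dev/null) || bssid=""
    dir=$(select_config "$ssid" "$bssid")
    logger -t shorewall-switch "iface=$iface ssid=$ssid config=$dir"
    shorewall restart "$dir"
}

# ifupdown exports IFACE and MODE=start to if-up.d scripts; do nothing otherwise.
if [ -n "${IFACE:-}" ] && [ "${MODE:-}" = "start" ]; then
    apply_config "$IFACE"
fi
```

Keeping the travelling configuration as the one loaded at boot means the host is already restricted before any interface hook runs.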
