On 30/09/14 18:25, Simon Hobson wrote:
> Bas van Schaik <[email protected]> wrote:
>
>> Whenever I'm travelling:
>> 1) route all traffic over VPN (that's easy enough - not a Shorewall
>> challenge)
>> 2) enforce (1) using Shorewall by rejecting all traffic from $FW to my
>> 'net' zone (except to VPN server), to avoid leaking of information when
>> the VPN client is down. Traffic to the 'vpn' zone should be allowed.
>>
>> Whenever I'm at home (to my trusted SSID, or using my trusted router),
>> I'd like to:
>> 1) only route VPN-specific traffic through VPN (again: easy enough)
>> 2) allow all traffic from $FW to anywhere
> I'm not familiar with the details of WLAN clients etc, but could this be
> handled in IF Up/Down scripts ? Ie, when you connect to your home WiFi
> network, the ifup script sets up Shorewall for that, otherwise it loads your
> travelling config.

That's right. But how do I keep two shorewall configurations
side-to-side, with only one of them active at a time? Of course, I could
simply have two shorewall configuration directories, copy the right one
in place, and restart shorewall, but I feel that there might be a better
solution using dynamic zones that I'm not quite getting yet...?

Bas

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
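
The two-directory approach mentioned above, sketched as an added example (not code from the thread or from the Shorewall project): instead of copying files into place, the chosen directory is passed to `shorewall restart`, and anything other than an exact SSID plus access-point address match gets the strict travelling profile. The directory names, the trusted-network list and the `wlan0` default are assumptions.

```shell
#!/bin/sh
# Added example: pick one of two Shorewall configuration directories.
# Directory names and trusted networks below are hypothetical/constructed.
HOME_DIR=/etc/shorewall-home       # permissive: $FW -> anywhere allowed
TRAVEL_DIR=/etc/shorewall-travel   # strict: $FW -> net rejected except VPN server

# Trusted networks as "SSID|BSSID" pairs (constructed sample values).
# Matching on SSID alone would trust any network that reuses the name.
TRUSTED_NETWORKS='HomeNet|AA:BB:CC:00:11:22
HomeNet-5G|AA:BB:CC:00:11:23'

# select_profile SSID BSSID -> prints the directory to load.
# Every case that is not an exact pair match gets the strict profile,
# including an empty SSID (not associated, wired link, lookup failure).
select_profile() {
    local ssid="$1" bssid t_ssid t_bssid
    bssid=$(printf '%s' "$2" | tr 'a-f' 'A-F')
    if [ -n "$ssid" ] && [ -n "$bssid" ]; then
        while IFS='|' read -r t_ssid t_bssid; do
            if [ "$ssid" = "$t_ssid" ] && [ "$bssid" = "$t_bssid" ]; then
                printf '%s\n' "$HOME_DIR"
                return 0
            fi
        done <<EOF
$TRUSTED_NETWORKS
EOF
    fi
    printf '%s\n' "$TRAVEL_DIR"
}

# apply_profile DIR -> compile and load the configuration found in DIR.
# A non-zero status means the switch did not happen; the caller should
# treat that as an error rather than assume the strict rules are active.
apply_profile() {
    shorewall restart "$1"
}

# Meant to be called from an if-up hook as: <script> --apply <interface>
if [ "${1:-}" = "--apply" ]; then
    iface="${2:-wlan0}"
    ssid=$(iwgetid "$iface" -r 2>/dev/null || true)
    bssid=$(iwgetid "$iface" -a -r 2>/dev/null || true)
    apply_profile "$(select_profile "$ssid" "$bssid")"
fi
```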
