On 10/25/2015 10:19 AM, Tom Robinson wrote:
>
> I'm still confused by the documentation, though. Do any of these rules
> go in ESTABLISHED? (From http://www.shorewall.net/IPSEC-2.6.html#RW-L2TP):
>
> /etc/shorewall/rules:
>
> #ACTION         SOURCE  DEST    PROTO   DEST    SOURCE
> #                                       PORT(S) PORT(S)
> SECTION ESTABLISHED
> # Prevent IPsec bypass by hosts behind a NAT gateway
> L2TP(REJECT)    net     $FW
> REJECT          $FW     net     udp     -       1701
> # l2tp over the IPsec VPN
> ACCEPT          vpn     $FW     udp     1701
> # webserver that can only be accessed internally
> HTTP(ACCEPT)    loc     $FW
> HTTP(ACCEPT)    l2tp    $FW
> HTTPS(ACCEPT)   loc     $FW
> HTTPS(ACCEPT)   l2tp    $FW
> #LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
>
Only the first two should be in the ESTABLISHED section. I've corrected the
article.

-Tom

--
Tom Eastep            \ When I die, I want to go like my Grandfather who
Shoreline,             \ died peacefully in his sleep. Not screaming like
Washington, USA         \ all of the passengers in his car
http://shorewall.net     \________________________________________________
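The layout the reply describes, written out here as an added illustration (it is not the text of the Shorewall article, which the reply says has since been fixed). In a Shorewall rules file every rule after a SECTION line belongs to that section until the next SECTION line, so in the quoted excerpt all eight rules fell under ESTABLISHED. The corrected version keeps only the two anti-bypass rules there and opens a SECTION NEW for the ACCEPT rules; ESTABLISHED must precede NEW. Zone names (net, vpn, loc, l2tp) are taken from the quoted file; the zone and interface definitions behind them are assumed and not shown.

```conf
#ACTION         SOURCE  DEST    PROTO   DEST    SOURCE
#                                       PORT(S) PORT(S)
SECTION ESTABLISHED
# Prevent IPsec bypass by hosts behind a NAT gateway. These sit in
# ESTABLISHED so they are evaluated even for UDP 1701 packets that
# connection tracking already associates with an existing flow.
L2TP(REJECT)    net     $FW
REJECT          $FW     net     udp     -       1701

SECTION NEW
# l2tp over the IPsec VPN. The vpn zone is assumed to be the zone that
# carries traffic arriving through the IPsec policy (definition not shown).
ACCEPT          vpn     $FW     udp     1701
# webserver that can only be accessed internally
HTTP(ACCEPT)    loc     $FW
HTTP(ACCEPT)    l2tp    $FW
HTTPS(ACCEPT)   loc     $FW
HTTPS(ACCEPT)   l2tp    $FW
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
```

The NEW section is consulted only for the first packet of a connection, so the ACCEPT, HTTP and HTTPS rules gain nothing from being in ESTABLISHED; the two REJECT rules, by contrast, are there precisely so that plaintext L2TP from the net zone is dropped regardless of conntrack state.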
