On 3/18/2020 5:23 PM, Witold Tosta wrote:
> Is it possible to filter incoming connections using the GeoIP module for
> the OpenVPN gateway located on the Linux Shorewall router?
> From what I noticed, the entry in the /etc/shorewall/tunnels file:
> #TYPE ZONE GATEWAY GATEWAY_ZONE
> openvpnserver:1194 net 0.0.0.0/0
> implies opening the udp/1194 port to the internet on which the OpenVPN
> service is listening, regardless of whether the appropriate permitting
> entry appears in /etc/shorewall/rules file. My point is to allow
> connections to the OpenVPN gateway from a given country using the GeoIP
> module, e.g.
> # Accept OpenVPN gateway access only from PL
> OpenVPN(ACCEPT) net:^[PL] $FW
> From what I've read, Tom Eastep is planning to withdraw the use of the
> tunnels file for the rules file, where the syntax shown above will
> probably be accepted by the Shorewall Firewall.

It would be good if you could try it and see if it works for you, and
report back if you have issue(s).

> Could you, Dear Tom, respond to this?

Note that Tom is retired from the Shorewall project.

--
Matt Darfeuille <m...@shorewall.org>
Shorewall Project Committee, one of four core members
https://sourceforge.net/p/shorewall/mailman/message/36596609/
shorewall.org