> I probably should have mentioned this earlier, but my predecessor left
> me with a firewall script that, when launched, locks me out of the
> server.
I would recommend having a look at Shorewall rather than wrestle with
iptables scripts.
Use the files in /usr/share/doc/shorewall/examples/one-interface as the
base, check /usr/share/shorewall for macro.<proto> files and add them to
the rules.
Copy the files into /etc/shorewall/ and make the changes:
interfaces:
change eth0 to venet0, add tap0 in zone 'vpn' for openvpn (or a tun,
bridge etc, whatever you're using)
policy:
add 'vpn $FW ACCEPT', and possibly '$FW vpn ACCEPT'
rules:
look in /usr/share/shorewall/ for macro files and define them like this:
SSH(ACCEPT) net $FW
...
zones:
add 'vpn' zone here type ipv4
That's it, then on the command line 'shorewall' lets you control it, don't
forget to edit /etc/default/shorewall if you want it to start at boot
(once you know the rules are sound of course)
If you have a go with this and have problems post your config, and I'll
try to help.
Regards
Jon
--
To UNSUBSCRIBE, email to debian-firewall-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/4F3D1967.2040906@ts-tech.co.uk
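The four-file layout the reply describes, written out as an added example that is not part of the original post or of Shorewall's own example files. It assumes venet0 for the net zone, tap0 for the vpn zone, and that the OpenVPN and Ping macros exist in /usr/share/shorewall/ alongside macro.SSH; the files go to a scratch directory so they can be reviewed before being copied to /etc/shorewall/.

```shell
#!/bin/sh
# Added example, not from the list post: write the zones/interfaces/policy/rules
# files the reply describes into a scratch directory, then check that every zone
# they reference is declared. Assumes venet0 (OpenVZ) as the net interface, tap0
# as the OpenVPN tap, and that the OpenVPN and Ping macros exist in /usr/share/shorewall/.
gen_shorewall_config() {
    dir="$1"
    mkdir -p "$dir" || return 1
    cat > "$dir/zones" <<'EOF'
#ZONE   TYPE
fw      firewall
net     ipv4
vpn     ipv4
EOF
    cat > "$dir/interfaces" <<'EOF'
#ZONE   INTERFACE   BROADCAST   OPTIONS
net     venet0      -           tcpflags,nosmurfs
vpn     tap0        -
EOF
    # vpn clients and the firewall may talk freely; net is dropped by default
    cat > "$dir/policy" <<'EOF'
#SOURCE DEST    POLICY  LOG
$FW     net     ACCEPT
vpn     $FW     ACCEPT
$FW     vpn     ACCEPT
net     all     DROP    info
all     all     REJECT  info
EOF
    # macros from /usr/share/shorewall/macro.* are invoked as NAME(ACTION)
    cat > "$dir/rules" <<'EOF'
#ACTION         SOURCE  DEST
SSH(ACCEPT)     net     $FW
OpenVPN(ACCEPT) net     $FW
Ping(ACCEPT)    vpn     $FW
EOF
}
# Fail if interfaces/policy/rules name a zone that zones does not declare
# ($FW and all are keywords, not zones).
check_zones() {
    dir="$1"
    declared=$(awk '!/^#/ && NF {print $1}' "$dir/zones")
    used=$( { awk '!/^#/ && NF {print $1}' "$dir/interfaces"
              awk '!/^#/ && NF {print $1; print $2}' "$dir/policy"
              awk '!/^#/ && NF {print $2; print $3}' "$dir/rules"; } |
            grep -v -e '^\$FW$' -e '^all$' | sort -u)
    for z in $used; do
        echo "$declared" | grep -qx "$z" || { echo "undeclared zone: $z" >&2; return 1; }
    done
}
```

Run `gen_shorewall_config /tmp/shorewall && check_zones /tmp/shorewall` and, once the files are in /etc/shorewall/, `shorewall check` before `shorewall start`.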