
Re: Iptables example for mail/web/openvpn server

On 16/02/12 11:36, Raven wrote:
> I probably should have mentioned this earlier, but my predecessor left
> me with a firewall script that, when launched, locks me out of the
> server.
I would recommend having a look at Shorewall rather than wrestle with
iptables scripts.

Use the files in /usr/share/doc/shorewall/examples/one-interface as the
base, check /usr/share/shorewall for macro.<proto> files and add them to
the rules.

Copy the files into /etc/shorewall/ and make the changes:

  change eth0 to venet0, add tap0 in zone 'vpn' for openvpn (or a tun,
bridge etc, whatever you're using)

  add 'vpn  $FW  ACCEPT', and possibly '$FW  vpn  ACCEPT'

  look in /usr/share/shorewall/ for macro files and define them like this:



add 'vpn' zone here type ipv4

That's it, then on the command line 'shorewall' lets you control it, don't
forget to edit /etc/default/shorewall if you want it to start at boot
(once you know the rules are sound of course)

If you have a go with this and have problems, post your config, and I'll
try to help.
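
The steps in the message above, written out as an added example; this is not the poster's own configuration. It assumes the `net` zone name from the one-interface sample, the `venet0` and `tap0` interfaces named in the message, and a choice of stock macros (SSH, SMTP, HTTP, HTTPS, OpenVPN) that is an assumption for a mail/web/OpenVPN host.

```conf
# Added example (constructed, not from the original post).
# Each section below belongs in its own file under /etc/shorewall/.

# --- /etc/shorewall/zones ---
#ZONE   TYPE
fw      firewall
net     ipv4
vpn     ipv4        # the extra zone the message asks for

# --- /etc/shorewall/interfaces ---
#ZONE   INTERFACE
net     venet0      # was eth0 in the one-interface sample
vpn     tap0        # OpenVPN device; a tun or bridge device goes here instead

# --- /etc/shorewall/policy ---
# Policies are matched top to bottom; the catch-all lines stay last.
#SOURCE DEST    POLICY  LOG LEVEL
$FW     net     ACCEPT
vpn     $FW     ACCEPT
$FW     vpn     ACCEPT          # the optional reverse direction
net     all     DROP    info
all     all     REJECT  info

# --- /etc/shorewall/rules ---
# One line per macro.<proto> file found in /usr/share/shorewall.
# The SSH line is an assumption: without it, the net->all DROP policy
# also drops the administrator's own session.
#ACTION             SOURCE  DEST
SSH(ACCEPT)         net     $FW
SMTP(ACCEPT)        net     $FW
HTTP(ACCEPT)        net     $FW
HTTPS(ACCEPT)       net     $FW
OpenVPN(ACCEPT)     net     $FW
```

Running `shorewall check` compiles these files without touching the live ruleset, and `shorewall safe-restart` applies them but rolls back unless the change is confirmed, which guards against the lock-out described in the quoted message.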


