doc:howto:vpn.ipsec.firewall

Differences

This shows you the differences between two versions of the page.

doc:howto:vpn.ipsec.firewall [2013/10/28 08:29]
lorema
doc:howto:vpn.ipsec.firewall [2015/02/23 16:26] (current)
birnenschnitzel [Firewall integration]
Line 112: Line 112:
 So once again we have to fix the queue. Therefore we will put a rule at the first position in the chain. This will ensure that packets to foreign VPN subnets will remain untouched. ​ So once again we have to fix the queue. Therefore we will put a rule at the first position in the chain. This will ensure that packets to foreign VPN subnets will remain untouched. ​
  
 +===== Firewall integration =====
 +
 +To enable custom firewall rules we hook up with the default firewall mechanism. Ensure that firewall user scripts are loaded and reloaded everytime we (re)start the OpenWrt firewall. Verify/​adapt the following lines in /​etc/​config/​firewall
 +
 +<​code>​
 +config include
 +        option path '/​etc/​firewall.user'​
 +        option reload 1
 +</​code>​
 +
 +Additionally place the call to the ipsec user firewall script into /​etc/​firewall.user.
 +
 +<​code>​
 +# This file is interpreted as shell script.
 +# Put your custom iptables rules here, they will
 +# be executed with each firewall (re-)start.
 +
 +# Internal uci firewall chains are flushed and recreated on reload, so
 +# put custom rules into the root chains e.g. INPUT or FORWARD or into the
 +# special user chains, e.g. input_wan_rule or postrouting_lan_rule.
 +
 +/​etc/​firewall.ipsec ​
 +</​code>​
 ===== VPN Firewall Script ===== ===== VPN Firewall Script =====
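
Review bot: With "option reload 1" in the include section, /etc/firewall.user and therefore /etc/firewall.ipsec run again on every firewall reload, but the comment block added in this hunk states that only the internal uci chains are flushed and recreated. If the ipsec script inserts its rule at the first position of a root chain, as the preceding context line describes, each reload can stack another copy of that rule unless the script deletes its own rules before inserting them. The script body is not part of this hunk, so the text should state that /etc/firewall.ipsec must be safe to run repeatedly. Two smaller points on the last added line: "/etc/firewall.ipsec" is invoked directly, so it has to exist and be executable or firewall.user reports an error on every (re)start; a guarded call such as "[ -x /etc/firewall.ipsec ] && /etc/firewall.ipsec" avoids that. The script runs with the firewall's privileges, so the section should also say it must be owned and writable by root only. Typo in the first paragraph: "everytime" should be "every time".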
  
doc/howto/vpn.ipsec.firewall.1382945343.txt.bz2 · Last modified: 2013/10/28 08:29 by lorema