- root@sd-142177:/home/julien# nano /etc/shorewall/rules
- GNU nano 2.7.4 File: /etc/shorewall/rules
- #
- Invalid(DROP) net all tcp
- #
- # Accept DNS connections from the firewall to the network
- #
- DNS(ACCEPT) $FW net
- #
- # Allow Ping from/to the VPN
- #
- Ping(ACCEPT) vpn $FW
- Ping(ACCEPT) $FW vpn
- #
- # Allow Ping from the firewall to the network
- #
- Ping(ACCEPT) $FW net
- #
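- # Ping from the "bad" net zone: the DROP rule, which would also keep the log from being flooded,
- # is commented out below, so ping from net to the firewall is currently accepted.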
- #
- #Ping(DROP) net $FW
- Ping(ACCEPT) net $FW
- #
- # Accept connections from the net zone to destination ports 65000-65535 on the firewall, for shadowsocks and glorytun
- #
- ACCEPT net $FW tcp 65000-65535
- ACCEPT net $FW udp 65000-65535
- #
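- # Accept SSH connections to the firewall on tcp port 65222, from any address in the net zone.
- # This port is already inside the 65000-65535 range accepted above, so the rule is redundant.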
- #
- ACCEPT net $FW tcp 65222
- #
- # DHCP forward to the VPN from the firewall
- #
- DHCPfwd(ACCEPT) $FW vpn
- #
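- # Forward (DNAT) all TCP and UDP ports from 1 to 64999 arriving from the net zone to the VPN client at $OMR_ADDR.
- # Any service listening on that client is then reachable from the network unless the client filters it itself.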
- #
- DNAT net vpn:$OMR_ADDR tcp 1-64999
- DNAT net vpn:$OMR_ADDR udp 1-64999