dustin/configpolicy
1
1
Fork 0
Code Issues Releases Activity

dch-gw: Host Pyrocufflink VPN locally

Browse Source 
This commit adjusts the firewall and networking configuration on dc0 to
host the Pyrocufflink remote access IPsec VPN locally instead of
forwarding it to the internal VPN server.
This commit is contained in:
Dustin
2018-05-20 13:00:46 -05:00
parent 42b8d2e54f
commit f8641cb912
6 changed files with 19 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
roles/dch-gw/templates/incoming.nft.j2
View File

@@ -24,8 +24,9 @@ table inet filter {
ct state established,related accept
iif lo accept
ip6 nexthdr ipv6-icmp accept
ip protocol icmp accept
ip protocol { icmp, esp } accept
udp sport dhcpv6-server counter accept
udp dport { isakmp, ipsec-nat-t } ct state new counter accept
iif != {{ internet_iface }} tcp dport @allow_tcp_in ct state new counter accept
iif != {{ internet_iface }} udp dport @allow_udp_in ct state new counter accept
iif {{ internet_iface }} drop