Add 6in4 support

2025-03-09 15:50:00 +00:00 · 2018-05-04 06:28:28 +00:00 · 2018-05-04 06:28:28 +00:00 · dcf20947f2
commit dcf20947f2
parent a4b8cebbd1
13 changed files with 142 additions and 17 deletions
--- a/shorewall6/interfaces
+++ b/shorewall6/interfaces
@ -14,6 +14,6 @@
 ?FORMAT 2
 ###############################################################################
 #ZONE   INTERFACE       OPTIONS
-net	eth0            dhcp,tcpflags,nosmurfs,sourceroute=0
-vpn	gt-tun0        nosmurfs,tcpflags
+net	eth0            dhcp,tcpflags,rpfilter,forward=1
+vpn	omr-6in4        tcpflags,forward=1

--- a/shorewall6/policy
+++ b/shorewall6/policy
@ -13,10 +13,8 @@
 ###############################################################################
 #SOURCE         DEST            POLICY          LOG LEVEL       LIMIT:BURST

-vpn             net             ACCEPT
-vpn             fw              ACCEPT
-fw              vpn             ACCEPT
-fw              net             ACCEPT
+vpn             all             ACCEPT		info
+fw              all             ACCEPT
 net             all             DROP            info
 # THE FOLLOWING POLICY MUST BE LAST
 all             all             REJECT          info
--- a/shorewall6/rules
+++ b/shorewall6/rules
@ -31,6 +31,7 @@ DNS(ACCEPT)     $FW             net
 #       Allow Ping from/to the VPN
 #
 Ping(ACCEPT)    vpn             $FW
+Ping(ACCEPT)    vpn             net
 Ping(ACCEPT)    $FW             vpn
 #
 #       Allow Ping from the firewall to the network
--- a/shorewall6/snat
+++ b/shorewall6/snat
@ -0,0 +1,21 @@
+#
+# Shorewall - Sample SNAT/Masqueradee File for two-interface configuration.
+# Copyright (C) 2006-2016 by the Shorewall Team
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+#
+# See the file README.txt for further details.
+#------------------------------------------------------------------------------
+# For information about entries in this file, type "man shorewall-snat"
+#
+# See http://shorewall.net/manpages/shorewall-snat.html for more information
+###########################################################################################################################################
+#ACTION			SOURCE			DEST            PROTO	PORT	IPSEC	MARK	USER	SWITCH	ORIGDEST	PROBABILITY
+#
+MASQUERADE		fe80::/10,\
+			fd00::/8		eth0
+# SNAT from VPN server for all VPN clients
+SNAT(fe80::a00:1)		::/0		omr-6in4
--- a/shorewall6/stoppedrules
+++ b/shorewall6/stoppedrules
@ -13,6 +13,6 @@
 ###############################################################################
 #ACTION         SOURCE          DEST            PROTO   DEST            SOURCE
 #                                                       PORT(S)         PORT(S)
-ACCEPT          gt-tun0         -
-ACCEPT          -               gt-tun0
+ACCEPT		omr-6in4	-
+ACCEPT		-		omr-6in4