Could not you add each "spoke" as its own zone (using
/shorewall/hosts)?
Then firewall away
- Bob
On 12/12/2024 4:56:59 PM, Justin Pryzby
wrote:
openvpn's document for client-to-client says:
When this option is used, each client will "see" the other
clients which are currently connected. Otherwise, each
client will only see the server. Don't use this option if
you want to firewall tunnel traffic using custom,
On Wed, 11 Dec 2024 15:03:35 +
simonseys via Shorewall-users
wrote:
Hi Tuomo,
> You can change this behaviour by changing vpn-vpn policy in policy
> file. Default policy in shorewall is ACCEPT for inter-zone traffic.
I assume you are referring to the policy file. If so, mine contains:
$FW net ACCEPT
net all DROP#$
On Thu, 28 Nov 2024 06:47:47 +
simonseys via Shorewall-users
wrote:
> So basically routeback is behaving like client-to-client would
> allowing inter-client communication unfettered by Shorewall. Why is
> routeback not having the desired effect of allowing me firewall
> traffic that is arrivi
Hi. I am using Shorewall 5.2.8 on Debian Bookworm. I'm building a system to act
as a VPN server in a hub and spoke topology where the clients connect to the
server and Shorewall is used to selectively allow traffic between clients.
Therefore I am using routeback for my vpn tun interface.
At firs