Hi. I am using Shorewall 5.2.8 on Debian Bookworm. I'm building a system to act
as a VPN server in a hub and spoke topology where the clients connect to the
server and Shorewall is used to selectively allow traffic between clients.
Therefore I am using routeback for my vpn tun interface.
At first glance it seems to work and the clients can ping each other. But I
found that Shorewall rules have no impact on traffic when routeback is added. I
tested this by adding a rule to reject traffic from a specific system to
another specific system. But it cannot reject/drop the traffic. Without
routeback I of course get sfilter drop messages in the logs.
So basically routeback is behaving like client-to-client would, allowing
inter-client communication unfettered by Shorewall. Why is routeback not having
the desired effect of allowing me to firewall traffic that is arriving and leaving
on my vpn zone interface?
Thanks,