KumiSystems/openwrtv3
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
openwrtv3/package/firewall/files/lib
History
Jo-Philipp Wich ad23dd94b6 firewall: provide examples of ssh port relocation on firewall and IPsec passthrough Two examples of potentially useful configurations (commented out, of course): 
(a) map the ssh service running on the firewall to 22001 externally, without modifying the configuration of the daemon itself. this allows port 22 on the WAN side to then be port-forwarded to a
LAN-based machine if desired, or if not, simply obscures the port from external attack.

(b) allow IPsec/ESP and ISAKMP (UDP-based key exchange) to happen by default. useful for most modern VPN clients you might have on your WAN.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>

SVN-Revision: 26805
2011-05-02 12:54:31 +00:00
..
config.sh firewall: change the order of IPv4/IPv6 address detection, fixes mixed notation v6 improperly detected as v4 address 2010-05-31 01:34:47 +00:00
core.sh firewall: make invalid redirects and duplicate zones non-fatal, print a notice and discard them 2010-09-16 11:47:35 +00:00
core_forwarding.sh firewall: - simplify masquerade rule setup - remove various subshell invocations - speedup fw() by not relying on xargs and pipes - rework SNAT support - attach to dest zone, use src_dip/src_dport as snat source 2010-09-11 20:04:34 +00:00
core_init.sh firewall: move include sourcing into a subshell, this makes the firewall init immune against exit in the include scripts 2011-03-02 19:20:29 +00:00
core_interface.sh firewall: provide examples of ssh port relocation on firewall and IPsec passthrough Two examples of potentially useful configurations (commented out, of course): 2011-05-02 12:54:31 +00:00
core_redirect.sh firewall: allow local redirection of ports 2011-04-12 20:03:59 +00:00
core_rule.sh firewall: fix wrong rule order if multiple protocols are used 2011-01-27 22:19:53 +00:00
fw.sh fireall: - support negations for src_ip, dest_ip, src_dip options in rules and redirects - add NOTRACK target to rule sections, allows to define fine grained notrack rules 2010-09-28 10:42:56 +00:00
uci_firewall.sh firewall: - replace uci firewall with a modular dual stack implementation developed by Malte S. Stretz - bump version to 2 2010-05-01 18:22:01 +00:00