[Shorewall-users] unable to filter or log vpn traffic
teastep at shorewall.net
Tue Mar 15 10:21:59 PST 2005
> So this VPN creates a direct connection from one of my internal machines
> to an external server, completely bypassing my firewall; it seems I can do
> nothing to control traffic.

With ADMINISABSENTMINDED=Yes, once you have allowed the VPN connection
to be established then the only things that you can do to stop traffic
through that VPN are:

a) Use the 'cutter' utility to sever the VPN connection (or unload the
   ip_conntrack kernel module).

b) Set BLACKLISTNEWONLY=No in shorewall.conf and blacklist the remote

With ADMINISABSENTMINDED=No, stopping Shorewall will probably stop VPN
traffic since you normally don't have your external interfaces enabled
in your /etc/shorewall/routestopped file.

Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep at shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
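
Added example, not part of the original message or of Shorewall itself: a pre-flight check for option (b), confirming that a blacklist entry will also be applied to already-established connections. It assumes Shorewall's usual file layout (address in column 1 of the blacklist file, options in column 4 of the interfaces file, and the blacklist only being consulted on interfaces that carry the `blacklist` option); the function names, the sample files and the address 192.0.2.10 are constructed for illustration.

```shell
#!/bin/sh
# Added example: checks whether blacklisting ADDR would cut existing traffic.
# Sample config and the address 192.0.2.10 are constructed placeholders.

# conf_value FILE KEY -> last uncommented KEY=value, surrounding quotes stripped
conf_value() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#[:space:]]*\).*/\1/p" "$1" | tail -n 1
}

# blacklist_ready DIR ADDR -> returns 0 only if all three conditions hold
blacklist_ready() {
    dir=$1 addr=$2 rc=0
    # Assumption: an unset or empty BLACKLISTNEWONLY behaves like No
    case "$(conf_value "$dir/shorewall.conf" BLACKLISTNEWONLY)" in
        [Yy][Ee][Ss])
            echo "BLACKLISTNEWONLY=Yes: established connections are not checked"
            rc=1 ;;
    esac
    # Column 1 of the blacklist file holds the address or subnet
    awk -v a="$addr" '$1 == a { found = 1 } END { exit !found }' \
        "$dir/blacklist" || { echo "$addr is not listed in $dir/blacklist"; rc=1; }
    # Column 4 of the interfaces file is the comma-separated option list
    awk '$1 !~ /^#/ && $4 ~ /(^|,)blacklist(,|$)/ { found = 1 } END { exit !found }' \
        "$dir/interfaces" || { echo "no interface has the blacklist option"; rc=1; }
    return $rc
}

# write_sample DIR NEWONLY -> constructed three-file configuration for the demo
write_sample() {
    mkdir -p "$1"
    printf 'ADMINISABSENTMINDED=Yes\nBLACKLISTNEWONLY=%s\n' "$2" > "$1/shorewall.conf"
    printf '#ADDRESS/SUBNET PROTOCOL PORT\n192.0.2.10\n' > "$1/blacklist"
    printf '#ZONE INTERFACE BROADCAST OPTIONS\nnet eth0 detect dhcp,blacklist\n' \
        > "$1/interfaces"
}

demo=$(mktemp -d)
write_sample "$demo" No
if blacklist_ready "$demo" 192.0.2.10; then
    echo "ready: the blacklist will be applied to established connections"
fi
rm -rf "$demo"
```

Point the first argument at /etc/shorewall to check a live configuration; the function only reads the files and changes nothing.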