Commit b67bb6c1 authored by mh's avatar mh Committed by Micah Anderson

allow esp traffic from and to me

parent e27f9a83
class shorewall::rules::ipsec { class shorewall::rules::ipsec {
shorewall::rule { 'net-me-ipsec-udp': shorewall::rule {
'net-me-ipsec-udp':
source => 'net', source => 'net',
destination => '$FW', destination => '$FW',
proto => 'udp', proto => 'udp',
destinationport => '500', destinationport => '500',
order => 240, order => 240,
action => 'ACCEPT'; action => 'ACCEPT';
} 'me-net-ipsec-udp':
shorewall::rule { 'me-net-ipsec-udp':
source => '$FW', source => '$FW',
destination => 'net', destination => 'net',
proto => 'udp', proto => 'udp',
destinationport => '500', destinationport => '500',
order => 240, order => 240,
action => 'ACCEPT'; action => 'ACCEPT';
'net-me-ipsec':
source => 'net',
destination => '$FW',
proto => 'esp',
order => 240,
action => 'ACCEPT';
'me-net-ipsec':
source => '$FW',
destination => 'net',
proto => 'esp',
order => 240,
action => 'ACCEPT';
} }
} }
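Review bot: The new `net-me-ipsec` and `me-net-ipsec` rules accept `proto => 'esp'` between the firewall and the whole `net` zone, as the existing udp/500 rules do, so every host in that zone can reach the firewall's IPsec stack. If the set of peers is known, the class could take a parameter for the remote side, defaulting to `'net'`, and use it in place of the literal, e.g. `source => $remote,` (the parameter name is only a suggestion). The class also opens no udp/4500, so peers behind NAT that use NAT-T encapsulation would presumably still be blocked; confirm whether that is intended. A one-line comment above the class, such as `# IKE (udp/500) and ESP between the firewall and the net zone`, would record what each pair of rules is for.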