Commit b67bb6c1 authored by mh's avatar mh Committed by Micah Anderson

allow esp traffic from and to me

parent e27f9a83
class shorewall::rules::ipsec {
shorewall::rule { 'net-me-ipsec-udp':
shorewall::rule {
'net-me-ipsec-udp':
source => 'net',
destination => '$FW',
proto => 'udp',
destinationport => '500',
order => 240,
action => 'ACCEPT';
}
shorewall::rule { 'me-net-ipsec-udp':
'me-net-ipsec-udp':
source => '$FW',
destination => 'net',
proto => 'udp',
destinationport => '500',
order => 240,
action => 'ACCEPT';
'net-me-ipsec':
source => 'net',
destination => '$FW',
proto => 'esp',
order => 240,
action => 'ACCEPT';
'me-net-ipsec':
source => '$FW',
destination => 'net',
proto => 'esp',
order => 240,
action => 'ACCEPT';
}
}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment