firewall/ipt-gateway
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add support for restricted VPN networks.

Browse Source
This commit is contained in:
Christoph
2023-09-27 17:41:09 +02:00
parent c427d4fefd
commit 4c98319ddf
5 changed files with 397 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

41
conf/main_ipv4.conf.sample
View File

@ -563,6 +563,47 @@ vpn_local_net_ports="1194"
vpn_out_ports="$standard_vpn_port"
# -----
# - Restrict VPN Network to local Service
# -----#
# - restrict_vpn_net_to_local_service
# -
# - allow_ext_net_to_local_service="vpn-net:local-address:port:protocol [vpn-net:local-address:port:protocol] [..]"
# -
# - Note:
# - =====
# - - Only 'tcp' and 'udp' are allowed valuse for protocol.
# -
# - Example:
# - restrict_vpn_net_to_local_service="
# - 10.100.112.0/24:192.168.112.192/27:80:tcp
# - 10.100.112.0/24:192.168.112.192/27:443:tcp
# - "
# -
# - Blank separated list
# -
restrict_vpn_net_to_local_service=""
# -----
# - Restrict VPN Network to local (Sub) network
# -----
# - restrict_vpn_net_to_local_subnet
# -
# - restrict_vpn_net_to_local_subnet="<src-vpn-net>:<dst-local-net> [<src-vpn-net>:<dst-local-net>} [..]
# -
# - Example:
# - restrict_vpn_net_to_local_subnet="
# - 10.100.112.0/24:192.168.112.192/27
# - "
# -
# - Blank separated list
# -
restrict_vpn_net_to_local_subnet=""
# ======
# - WireGuard Service
# ======