ocserv: applying firewall rules to restrict to the set routes

Nikos Mavrogiannopoulos n.mavrogiannopoulos at gmail.com
Mon Nov 16 23:28:53 PST 2015

On Tue, 2015-11-17 at 10:19 +0700, Niels Peen wrote:

> I would prefer a more generic approach where missing variables 
> (routes+DNS) are made available to the connect/disconnect scripts. 
> To support the specific scenario you describe you could include 
> sample connect/disconnect scripts.

It would be a good idea to also add these variables to the
connect/disconnect scripts, but these scripts are for the local
administrator to modify. I was thinking of making the firewall rule
application a standard option of ocserv, and that would have to be
through a separate script which is not intended to be modified by the
administrator. Which other use cases did you have in mind that couldn't
be handled by the default rules that I described?

