ocserv: applying firewall rules to restrict to the set routes
n.mavrogiannopoulos at gmail.com
Mon Nov 16 23:28:53 PST 2015
On Tue, 2015-11-17 at 10:19 +0700, Niels Peen wrote:
> I would prefer a more generic approach where missing variables
> (routes+DNS) are made available to the connect/disconnect scripts.
> To support the specific scenario you describe you could include
> sample connect/disconnect scripts.
It would be a good idea to also add these variables to the
connect/disconnect scripts, but these scripts are for the local
administrator to modify. I was thinking of making the firewall rule
application a standard option of ocserv, and that would have to be
through a separate script which is not intended to be modified by the
administrator. Which other use cases did you have in mind that couldn't
be handled by the default rules that I described?
More information about the openconnect-devel