Given that there are always more tunnel types than Shorewall is able to
support, I've implemented "Generic" tunnels in the CVS
/Shorewall thread.
Generic tunnels work pretty much like any of the other tunnel types. You
usually add a zone to represent the systems at the other end of the tunnel
and you add the appropriate rules/policies to implement your security
policy regarding traffic to/from those systems.
In the /etc/shorewall/tunnels file, you can have entries of the form:

    # TYPE                       ZONE    GATEWAY       GATEWAY ZONE
    generic:<protocol>[:<port>]  <zone>  <ip address>

where:

    <protocol>    is the protocol used by the tunnel
    <port>        if the protocol is 'udp' or 'tcp' then this is the
                  destination port number used by the tunnel.
    <zone>        is the zone of the remote tunnel gateway
    <ip address>  is the IP address of the remote tunnel gateway.

-Tom
--
Tom Eastep \ Shorewall - iptables made easy
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
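
Added example, not part of the original post and not Shorewall's own code: a small linter for generic tunnel entries in the format described above, useful for catching typos before an entry opens the firewall to the wrong protocol, port or gateway. The sample entries are constructed; rejecting a port on a protocol other than tcp/udp and requiring a literal IP address are assumptions drawn from the description in the post.

```python
import ipaddress

# Constructed sample entries in the format from the post (not real config).
SAMPLE = """\
# TYPE              ZONE  GATEWAY
generic:udp:4444    net   192.0.2.10
generic:47          net   192.0.2.20
generic:tcp:99999   net   192.0.2.30
generic:47:1723     net   192.0.2.40
generic:udp:500     net   not-an-ip
"""

# Assumption: a port is only meaningful for these protocols, per the post.
PORT_PROTOCOLS = {"tcp", "udp"}

def parse_generic(line):
    """Parse 'generic:<protocol>[:<port>] <zone> <ip address>' or raise ValueError."""
    fields = line.split("#", 1)[0].split()
    if len(fields) < 3:
        raise ValueError("expected TYPE ZONE GATEWAY")
    ttype, zone, gateway = fields[:3]
    parts = ttype.split(":")
    if parts[0] != "generic" or not 2 <= len(parts) <= 3 or not parts[1]:
        raise ValueError("TYPE must be generic:<protocol>[:<port>]")
    protocol, port = parts[1].lower(), None
    if len(parts) == 3:
        if protocol not in PORT_PROTOCOLS:
            raise ValueError(f"port given but protocol {protocol!r} is not tcp/udp")
        if not parts[2].isdecimal() or not 1 <= int(parts[2]) <= 65535:
            raise ValueError(f"bad port {parts[2]!r}")
        port = int(parts[2])
    try:
        gateway = str(ipaddress.ip_address(gateway))
    except ValueError:
        raise ValueError(f"bad gateway address {gateway!r}")
    return {"protocol": protocol, "port": port, "zone": zone, "gateway": gateway}

def lint(text):
    """Return (parsed entries, [(line number, error message), ...])."""
    ok, errors = [], []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.split("#", 1)[0].strip():
            continue  # skip blank lines and comments
        try:
            ok.append(parse_generic(line))
        except ValueError as exc:
            errors.append((n, str(exc)))
    return ok, errors
```

Calling lint(SAMPLE) returns the two well-formed entries and one error for each of the other three lines.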