git.openwrt.org Git - openwrt/svn-archive/archive.git/commit - package/firewall/files/firewall.config

author	Jo-Philipp Wich <jow@openwrt.org>
	Mon, 2 May 2011 12:54:31 +0000 (12:54 +0000)
committer	Jo-Philipp Wich <jow@openwrt.org>
	Mon, 2 May 2011 12:54:31 +0000 (12:54 +0000)
commit	ccbbf6a625d2db4b8aa05f9e18dbe91a041b486c
tree	873baee5758beda5d26b4efb77009a9892f8689d	tree \| snapshot
parent	8307376f7e473e9de475d5b898a2ee7a05e0771f	commit \| diff

[PATCH] firewall: provide examples of ssh port relocation on firewall and IPsec passthrough
Two examples of potentially useful configurations (commented out, of course):

(a) map the ssh service running on the firewall to 22001 externally, without modifying the configuration of the daemon itself. this allows port 22 on the WAN side to then be port-forwarded to a
LAN-based machine if desired, or if not, simply obscures the port from external attack.

(b) allow IPsec/ESP and ISAKMP (UDP-based key exchange) to happen by default. useful for most modern VPN clients you might have on your WAN.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
SVN-Revision: 26805

package/firewall/files/firewall.config		diff \| blob \| history
package/firewall/files/lib/core_interface.sh		diff \| blob \| history