 From:  "Kristian Shaw" <monowall at wealdclose dot co dot uk>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: Version of m0n0wall that filters VPN traffic/Allows fragments
 Date:  Sat, 11 Feb 2006 13:33:22 -0000

I have done some more work on seeing if I can create a version of m0n0wall 
that allows full filtering of VPN traffic.

I have created a version, not intended to be used in production, that instead 
of applying rules on each interface applies them to all interfaces. 
This concept is similar to that used in some commercial firewalls where you 
simply define source and destination addresses in rules.

The image I have produced is a proof of concept that I have only tested in a 
development environment with IPSEC VPNs. I don't know how well it will cope 
with other configurations or if I have missed anything that might make it 
insecure. In addition, you need to start with the default configuration 
as the ruleset is slightly different in the config.xml - using an existing 
configuration may produce odd results.

Although hosted on a slow link, the image is available here:
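The difference between the two rule models described in the post, as an added illustration rather than anything taken from Kristian's image or from m0n0wall's own generated ruleset. It is written in the syntax of ipfilter (ipf), which the m0n0wall base uses; the interface name, addresses and port are constructed placeholders.

```conf
# Added example, not m0n0wall's generated ruleset. Placeholders:
#   sis0           the interface the rule is bound to (assumed name)
#   10.0.0.0/24    the remote VPN subnet (constructed)
#   192.168.1.10   an internal server (constructed)

# Model 1 (stock m0n0wall style): each rule is tied to one interface via "on".
# A rule is consulted only for packets seen on that interface, so traffic that
# enters the filter by another path is never matched by it.
pass in quick on sis0 proto tcp from 10.0.0.0/24 to 192.168.1.10 port = 443 keep state
block in quick on sis0 all

# Model 2 (the post's "all interfaces" approach): no "on" clause, so the rule is
# evaluated for every packet the filter sees and matches on source and
# destination addresses alone, like the commercial firewalls mentioned above.
pass in quick proto tcp from 10.0.0.0/24 to 192.168.1.10 port = 443 keep state
block in quick all
```

Whether decrypted VPN packets actually reach the interface-free rules is exactly what the post says was only tested with IPSEC in a development environment; the example shows the shape of the two rulesets, not a verified result for other configurations. A practical check before trusting such a ruleset is to send traffic across the tunnel that the rules should block and confirm in the firewall log that it is in fact dropped.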