author | ngharo <ngharo@gmail.com> | 2016-11-28 16:41:27 -0600 |
---|---|---|
committer | ngharo <ngharo@gmail.com> | 2016-11-28 16:41:27 -0600 |
commit | 5b9d103668a99911e4c11adbe677097186280fb4 (patch) | |
tree | 0bdbda584785db32cf9661accf459a4398137f1e /README.md | |
parent | 4b92eddec7d6c9ca8143762425683cf6adc35419 (diff) | |
download | firewall-5b9d103668a99911e4c11adbe677097186280fb4.tar.xz firewall-5b9d103668a99911e4c11adbe677097186280fb4.zip |
Updates to make weird stuff optional
Diffstat (limited to 'README.md')
-rw-r--r-- | README.md | 22 |
1 files changed, 7 insertions, 15 deletions
@@ -2,23 +2,15 @@ Dual stack capable iptables firewall script ``` +supports two interfaces/addresses plus NAT support for VPN servers + +Terminology used in the script: +"Public" an address where services are available +"Private" (optional) another address where services are available + +Example: public and private are both public facing interfaces but have different ports allowed. e.g. private (1.1.1.2) IP allows SSH and VPN access while public (1.1.1.1) allows HTTP. - -+----------+ +-------------+ -| | "public" | 1.1.1.1 | -| <-----------------> 2001::1 | -| internet | | eth0 | -| <-----------------> 1.1.1.2 | -| | "private" | 2001::2 | -+----------+ +-------------+ - - -+-----------+ +-------------+ -| | 172.16.23.0/24 | | -| VPN <----------------> tun0 | -| | | 172.16.23.1 | -+-----------+ +-------------+ ``` |
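Review bot: The added terminology lines define "Private" as "(optional) another address where services are available" and the example then says both are public facing, so the name invites readers to assume 1.1.1.2 is not reachable from the internet while it is the address that exposes SSH and VPN. Suggest saying in that definition that "private" is still internet-facing and differs only in which ports are allowed, or choosing a name that does not imply an internal network. Separately, the removed diagram showed the IPv6 addresses (2001::1, 2001::2), the eth0 and tun0 interfaces and the 172.16.23.0/24 VPN subnet, and nothing in the added lines replaces them: the text under "Dual stack capable" now gives only IPv4 examples, and "NAT support for VPN servers" no longer says which subnet or interface is NATed. Consider keeping one line for the IPv6 example and one for the VPN subnet and interface.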