userdoc:tt_firewall_plugins

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
Last revision Both sides next revision
userdoc:tt_firewall_plugins [2017/06/03 14:57]
abelbeck [net-prefix-translation] 		userdoc:tt_firewall_plugins [2020/05/13 15:03]
abelbeck [Firewall Plugins]
Line 1: Line 1:
 ====== Firewall Plugins ====== ====== Firewall Plugins ======
  
-AstLinux provides an IPv4 / IPv6 Stateful Filtering Firewall, based on the excellent [[http://rocky.eld.leidenuniv.nl/|Arno's IPTABLES Firewall]] (**AIF**) script, developed by Arno van Amersfoort.+AstLinux provides an IPv4 / IPv6 Stateful Filtering Firewall, based on the excellent [[https://github.com/arno-iptables-firewall/aif/|Arno's IPTABLES Firewall]] (**AIF**) script, developed by Arno van Amersfoort.
  
 A feature of **AIF** is firewall plugins that can add specific functionality outside of the core script.  Firewall Plugins can be managed by selecting the Network Tab in the web interface. A feature of **AIF** is firewall plugins that can add specific functionality outside of the core script.  Firewall Plugins can be managed by selecting the Network Tab in the web interface.
Line 111: Line 111:
 !!Note: this plugin is not available until AstLinux 1.3.0 and later.!!\\ !!Note: this plugin is not available until AstLinux 1.3.0 and later.!!\\
 Commonly used with static assigned ULA (Unique Local IPv6 Unicast Addresses) Commonly used with static assigned ULA (Unique Local IPv6 Unicast Addresses)
-(RFC4193) prefixes to local networks and perform a 1:1 mapping to a+(RFC4193) prefixes on local networks and perform a 1:1 mapping to a
 GUA (IPv6 Global Unicast Address) (RFC3587) prefix provided by your ISP. GUA (IPv6 Global Unicast Address) (RFC3587) prefix provided by your ISP.
 Should the GUA prefix change, the local ULA prefix can remain the same. Should the GUA prefix change, the local ULA prefix can remain the same.
Line 132: Line 132:
  
  
 +==== parasitic-net ====
 +!!Note: this plugin is not available until AstLinux 1.3.0 and later.!!\\
 +This Parasitic Network plugin allows "clients" on the same subnet to use this device as a gateway upstream.
 +This network of "clients" is the Parasitic Network, SNAT'ed to this device's external interface(s).
 +
 +This Parasitic Network is useful for situations when the upstream firewall
 +is not under your control and you desire added security for specific devices
 +in your subnet.  Set the gateway address of Parasitic Network clients to an
 +external IPv4 address of this device.
 +
 +To be effective, be certain the Parasitic Network clients are IPv4-only.
 +
 +(IPv4-only)
 ==== pptp-vpn-passthrough ==== ==== pptp-vpn-passthrough ====
 !!Note: this plugin is not available until AstLinux 1.2.5 and later.!!\\ !!Note: this plugin is not available until AstLinux 1.2.5 and later.!!\\
Line 139: Line 152:
  
 ==== pptp-vpn ==== ==== pptp-vpn ====
-!!Automatically Enabled!!\\ +!!Note: this plugin has been removed for AstLinux 1.3.8 and later.!!\\
-This plugin adds all required rules for using a PPTP VPN Server. +
- +
-The firewall must be enabled for the PPTP VPN to properly function.+
  
 ==== sip-user-agent ==== ==== sip-user-agent ====
Line 187: Line 197:
  
 (IPv4-only) (IPv4-only)
 +
 +==== wireguard-vpn ====
 +!!Note: this plugin is not available until AstLinux 1.3.2 and later.!!\\
 +!!Automatically Enabled!!\\
 +This plugin adds all required rules for using the WireGuard VPN.
 +
 +The firewall must be enabled for the WireGuard VPN to properly function.
 +
  • userdoc/tt_firewall_plugins.txt
  • Last modified: 2021/06/30 10:19
  • by abelbeck