fi
# Outgoing masquerading (don't masqerade IPSEC (mark 50))
- /sbin/iptables -t nat -A REDNAT -m mark --mark 50 -o $IFACE -j RETURN
- /sbin/iptables -t nat -A REDNAT -o $IFACE -j MASQUERADE
+ #/sbin/iptables -t nat -A REDNAT -m mark --mark 50 -o $IFACE -j RETURN
+ #/sbin/iptables -t nat -A REDNAT -o $IFACE -j MASQUERADE
fi
}
/sbin/iptables -A OUTPUT -j POLICYOUT
/usr/sbin/firewall-policy
-
;;
startovpn)
# run openvpn
/sbin/iptables -A FORWARD -m limit --limit 10/minute -j LOG --log-prefix "DROP_FORWARD "
fi
/sbin/iptables -A FORWARD -j DROP -m comment --comment "DROP_FORWARD"
+
;;
stopovpn)
# stop openvpn