Listing 11. Punching a little hole in the firewall.
Note that the e61 is set in /etc/hosts to 192.168.6.252.


iptables -X REMOTEVPN_INPUT   2>/dev/null
iptables -X REMOTEVPN_OUTPUT  2>/dev/null
iptables -N  REMOTEVPN_INPUT
iptables -N  REMOTEVPN_OUTPUT

iptables -I INPUT  -j REMOTEVPN_INPUT
iptables -I OUTPUT -j REMOTEVPN_OUTPUT

iptables -A REMOTEVPN_INPUT -p esp -j ACCEPT
iptables -A REMOTEVPN_INPUT -m udp -p udp \
  --dport isakmp -j LOG \
  --log-prefix "incoming-ipsec-key "
iptables -A REMOTEVPN_INPUT --src e61 \
  -p tcp --dport imaps -j LOG \
  --log-prefix "incoming-imaps "
iptables -A REMOTEVPN_INPUT -m udp -p udp \
  --dport isakmp -j ACCEPT
iptables -A REMOTEVPN_INPUT --src e61 -p tcp \
  --dport imaps -j ACCEPT
iptables -A REMOTEVPN_INPUT --src e61 -p tcp \
  --dport smtp  -j ACCEPT
iptables -A REMOTEVPN_INPUT --src e61 -p tcp \
  --dport squid -j ACCEPT
iptables -A REMOTEVPN_INPUT --src e61 \
  -j LOG --log-prefix "e61-strange "

iptables -A REMOTEVPN_OUTPUT -p esp -j ACCEPT
iptables -A REMOTEVPN_OUTPUT -m udp -p udp \
  --sport isakmp -j LOG \
  --log-prefix "outgoing-ipsec-key "
iptables -A REMOTEVPN_OUTPUT -m udp -p udp \
  --sport isakmp -j ACCEPT