On 24.01.2015 08:44, Jan Niggemann wrote:
> Quoting Mart Frauenlob <mart.frauenlob@xxxxxxxxx>:
>> Even if the modules are loaded, you need to allow the first gre packet
>> as you pointed out above.
>
> At least on my system it's sufficient that I load conntrack_pptp. With
> the following rules I can then create a pptp connection:
>
> -P INPUT DROP
> -P FORWARD DROP
> -P OUTPUT ACCEPT
> -A INPUT -i lo -j ACCEPT
> -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
>
> I do not need to explicitly allow any gre traffic for the pptp vpn to work.

Because it's accepted in the OUTPUT chain by the default policy?