Hello,
I have a VPN connection to my mail server, and would like to enforce
that mails can be fetched only over the VPN connection.
As a first step, I've changed my mailclient to use the server's VPN IP
10.7.0.1.
For additional security, I'd like to enforce that connections to this IP
_must_ be routed through the tun0 device, or if this device isn't
available, be blocked. (See [1] for usecase.)
Is there a way (ideally using SuSEfirewall or another way that is
available "out of the box") to enforce that traffic to 10.7.0.1 must go
to the tun0 device - or be blocked if there's no tun0 device?
Regards,
Christian Boltz
[1] In theory I could be in a conference network with broken internet
access (so no VPN connection), but a machine there could have
10.7.0.1 - I'd like to avoid that this machine can "earn" my
password ;-)
--
> And don't be afraid of Henne, he's a nice guy :-)
Pffft Lies, all lies! I'm the meanest son of a gun you know.
Admit it! 8-)
[> Vincent Untz and Henne Vogelsang in opensuse-project]
--
To unsubscribe, e-mail: opensuse-security+unsubscribe(a)opensuse.org
To contact the owner, e-mail: opensuse-security+owner(a)opensuse.org