tunnel element specifies a static tunnel. It has six attributes:
type attribute defines the type of the tunnel. This can be either
tcp specifies a listener for generic TCP tunneling
ftp specifies a listener for FTP tunneling (also the FTP data channels are tunneled)
socks-proxy specifies a listener that acts as a SOCKS proxy towards the client applications. The traffic coming to the proxy is filtered using filter rules. When this option is used, a
filter-engine element must be defined. See Section The filter-engine Element.
listen-address attribute defines the local interface to be listened. If
allow-relay is set to
yes, it overrides this setting and all interfaces are listened.
listen-port attribute defines the local port to be listened.
dst-port attributes define the destination host address and port. The value of
dst-host can be either an IP address or a domain name. The default is
127.0.0.1 (localhost = server host). These settings are not needed if
socks-proxy is set as the tunnel
allow-relay attribute defines whether connections to the listened port are allowed from outside the client host. The default is
profile attribute specifies the connection profile id that is used for the tunnel.