How to prevent VPN clients from accessing the Internet, leaving access only to a given ip (or domain)?
Hello, I have a router with custom firmware and a built-in openvpn server. How to restrict access to vpn clients using iptables, blocking all connections, leaving access to only one site?
Assuming that tun0 is the interface for vpn clients and eth0 is the internet, we can start with the following rules.
# Default-deny everything forwarded between the VPN clients and the Internet
iptables -P FORWARD DROP
# Replies to permitted connections must be accepted in both directions; without the eth0 -> tun0 rule the return packets are dropped by the DROP policy
iptables -A FORWARD -i tun0 -o eth0 -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "РАЗРЕШЕНО Установленные соединения" -j ACCEPT
iptables -A FORWARD -i eth0 -o tun0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i tun0 -o eth0 -p udp -m udp --dport 53 -m comment --comment "РАЗРЕШЕНО DNS/udp" -j ACCEPT
# A hostname given to -d is resolved once, when the rule is loaded; only the addresses returned at that moment are allowed
iptables -A FORWARD -i tun0 -o eth0 -d yandex.ru -m conntrack --ctstate NEW -m comment --comment "РАЗРЕШЕНО Доступ к Яндексу" -j ACCEPT
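A small script that builds the same rule set from a hostname with several A records, added here as an example and not part of the answer above. It assumes tun0 and eth0 as in the answer, that NAT for the clients is already configured, and that the site is reached over IPv4 only; the function names vpn_forward_rules and resolve_v4 are chosen for this example. The generator only prints the commands, so it can be reviewed before being piped to sh.

```shell
#!/bin/sh
# Print the FORWARD rules that confine VPN clients to the given addresses.
# $1 = VPN interface, $2 = Internet interface, remaining args = allowed IPv4 addresses.
vpn_forward_rules() {
    vpn_if=$1
    inet_if=$2
    shift 2
    if [ "$#" -eq 0 ]; then
        echo "vpn_forward_rules: no allowed addresses given, refusing to emit an open rule set" >&2
        return 1
    fi
    echo "iptables -P FORWARD DROP"
    # Replies to permitted connections, in both directions
    echo "iptables -A FORWARD -i $vpn_if -o $inet_if -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT"
    echo "iptables -A FORWARD -i $inet_if -o $vpn_if -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT"
    # Name resolution for the clients (UDP/53 only), as in the original rule set
    echo "iptables -A FORWARD -i $vpn_if -o $inet_if -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT"
    # One rule per address of the allowed site, so every A record is covered
    for addr in "$@"; do
        echo "iptables -A FORWARD -i $vpn_if -o $inet_if -d $addr -m conntrack --ctstate NEW -j ACCEPT"
    done
}

# Resolve a hostname to its IPv4 addresses, deduplicated (needs network access).
resolve_v4() {
    getent ahostsv4 "$1" | awk '{print $1}' | sort -u
}

# Usage on the router (not executed here):
#   vpn_forward_rules tun0 eth0 $(resolve_v4 yandex.ru) | sh
```

Re-run the script when the site's addresses change, since the rules still only hold the addresses resolved at load time.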