On Thu, 2005-08-04 at 08:24 -0400, Yaoning Tao wrote:
> In my case. I want to set the iptables policy as block everything and only
> open UDP 1194, when system starts. If there are some remote users connect to
> with the OpenVPN, the server could generate the firewall rules according
> user's IP address. Server will delete these rules when user disconnect with
> the server. So I only open my server to receive traffic when trusted user
> connects with server.
>
> Is it possible to implement this goal?

Absolutely. On a "learn-address add", add an ALLOW rule; on a
"learn-address delete", delete the rule; on a "learn-address update",
update it to use the new IP. The man page should provide more than
adequate documentation on this process.

One thing in addition: When OpenVPN is started or stopped, I would
recommend flushing the iptables rules and restoring their initial state
as a safeguard.

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
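
The learn-address hook described in the reply above, as an added example that is not part of the original message or of OpenVPN itself. It assumes a dedicated chain named OVPN_CLIENTS that already exists and is jumped to from the built-in chain carrying tunnel traffic, a tunnel interface named tun0, and that the address OpenVPN passes is matched as a source address on that interface; all three are illustrative choices.

```shell
#!/bin/sh
# Added example: learn-address hook that opens and closes per-client rules.
# Assumed names (not from the thread): chain OVPN_CLIENTS, interface tun0.
CHAIN=OVPN_CLIENTS
VPN_IF=tun0
IPTABLES="${IPTABLES:-iptables}"

# Accept only an IPv4 address, optionally with a prefix length (shape check).
# Anything else, including a MAC address in tap mode, never reaches iptables.
valid_addr() {
    case "$1" in ''|*[!0-9./]*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'
}

# Print one iptables argument list per line for the given operation.
plan_rules() {
    op="$1"; addr="$2"
    valid_addr "$addr" || { echo "rejecting address: $addr" >&2; return 2; }
    rule="$CHAIN -i $VPN_IF -s $addr -j ACCEPT"
    case "$op" in
        add|update)   # remove a stale copy first so the rule exists once
            printf '%s\n' "-D $rule" "-A $rule" ;;
        delete)
            printf '%s\n' "-D $rule" ;;
        *)  echo "unknown operation: $op" >&2; return 2 ;;
    esac
}

# Execute the plan. A failed -D only means there was no rule to remove.
apply_rules() {
    plan=$(plan_rules "$1" "$2") || return 1
    printf '%s\n' "$plan" | while read -r args; do
        # Unquoted on purpose: args holds validated, space-separated words.
        $IPTABLES $args 2>/dev/null || case "$args" in -D*) ;; *) exit 1 ;; esac
    done
}

# OpenVPN invokes: <script> add|update|delete <address> [common-name]
if [ "$#" -ge 2 ]; then
    apply_rules "$1" "$2" || exit 1
fi
```

Because every client rule lives in one chain, running `iptables -F OVPN_CLIENTS` when OpenVPN starts and stops restores the clean initial state the reply recommends.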