On Jan 4, 2008 6:06 AM, Jan Just Keijser <janjust@xxxxxxxxx> wrote:
> Hi Marco,
>
> please explain:
>
> "with Client-to-client deactivated all clients can only see the server"
>
> that's exactly what it is supposed to do... this means all
> client-to-client traffic IS blocked. Isn't that what you wanted?
> I agree, filtering client-to-client traffic is not possible (either in
> tun or tap mode) but blocking is definitely possible. Note that blocking
> client-to-client traffic will and should also imply that all
> broadcast/multicast traffic is blocked. That's the way it is supposed to
> work ;-)

This should be possible. What you need is not iptables, but ebtables!
Iptables, as the name suggests, will allow you to filter only IP packets :).
Ebtables, on the other hand, is built for bridging. I suggest you set
client-to-client off, and use shorewall/ebtables to set up the filtering on
the appropriate interface(s).

http://ebtables.sourceforge.net/

Prasanna

______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users