Re: [Openvpn-users] Block traffic over certain ports?


  • Subject: Re: [Openvpn-users] Block traffic over certain ports?
  • From: Yan Seiner <yan@xxxxxxxxxx>
  • Date: Fri, 16 Nov 2007 21:26:59 -0800

Cirroc wrote:
> Fair enough, the problem is that those statements didn't work ;)
> Traffic still goes through on those ports ;(
> Ross Cameron wrote:
>> On Nov 17, 2007 12:09 AM, Cirroc <cirroc@xxxxxxxxx> wrote:
>>> [root@vpn openvpn-2.0.9]# iptables -t filter -A FORWARD -i tun0 -p tcp --destination-port 22 -j DROP
>>> [root@vpn openvpn-2.0.9]# iptables -t filter -A FORWARD -i tun0 -p tcp --destination-port 3389 -j DROP
>>> [root@vpn openvpn-2.0.9]# iptables -t filter -A INPUT -i tun0 -p tcp --destination-port 22 -j DROP
>>> [root@vpn openvpn-2.0.9]# iptables -t filter -A INPUT -i tun0 -p tcp --destination-port 3389 -j DROP
>>>
>> All that could be re-written as:
>> iptables -t filter -A FORWARD -i tun0 -p tcp -m multiport --dports 22,3389 -j DROP
>> iptables -t filter -A INPUT -i tun0 -p tcp -m multiport --dports 22,3389 -j DROP
>>
>> Just make sure your IPtables has the multiport module.
The sequence of the rules is important too..... You don't happen to have 
a -j ACCEPT rule that could be causing trouble ahead of that, do you?
______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users
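
The rule-ordering point raised in the reply above, as an added example that is not part of the original thread: a small first-match checker that reads rules in `iptables -S` format and reports which terminating rule a packet hits first. The function name `first_verdict` and both rule sets are constructed for illustration, and the matcher is simplified (assumption: only `-i`, `-p`, `--dport` and multiport `--dports` are evaluated; negation, interface wildcards and port ranges are not).

```shell
#!/bin/sh
# first_verdict CHAIN IFACE PROTO DPORT   (rules on stdin, `iptables -S` format)
# Prints "<rule number> <target>" for the first ACCEPT/DROP/REJECT rule that
# matches; prints nothing if no rule matches (the chain policy then applies).
first_verdict() {
    awk -v chain="$1" -v ifc="$2" -v proto="$3" -v dport="$4" '
    $1 == "-A" && $2 == chain {
        n++; ok = 1; target = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "-i" && $(i+1) != ifc) ok = 0
            if ($i == "-p" && $(i+1) != proto) ok = 0
            if ($i == "--dport" && $(i+1) != dport) ok = 0
            if ($i == "--dports") {
                hit = 0; k = split($(i+1), ports, ",")
                for (j = 1; j <= k; j++) if (ports[j] == dport) hit = 1
                if (!hit) ok = 0
            }
            if ($i == "-j") target = $(i+1)
        }
        if (ok && (target == "ACCEPT" || target == "DROP" || target == "REJECT")) {
            print n, target
            exit
        }
    }'
}

# Constructed rule set: an existing ACCEPT for tun0 sits above DROPs that were
# appended later with -A, so the DROPs are never reached.
SHADOWED='-P FORWARD ACCEPT
-A FORWARD -i tun0 -j ACCEPT
-A FORWARD -i tun0 -p tcp -m tcp --dport 22 -j DROP
-A FORWARD -i tun0 -p tcp -m tcp --dport 3389 -j DROP'

# Constructed rule set: the same policy with the DROP ahead of the ACCEPT.
FIXED='-P FORWARD ACCEPT
-A FORWARD -i tun0 -p tcp -m multiport --dports 22,3389 -j DROP
-A FORWARD -i tun0 -j ACCEPT'

printf '%s\n' "$SHADOWED" | first_verdict FORWARD tun0 tcp 22     # 1 ACCEPT
printf '%s\n' "$FIXED"    | first_verdict FORWARD tun0 tcp 3389   # 1 DROP
```

On a live host the input would come from `iptables -S FORWARD`; if an ACCEPT wins, the DROP has to be inserted above it with `iptables -I` rather than appended with `-A`.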