Re: [Openvpn-users] Block traffic over certain ports?

  • Subject: Re: [Openvpn-users] Block traffic over certain ports?
  • From: "Prasanna Krishnamoorthy" <prasanna79@xxxxxxxxx>
  • Date: Sat, 17 Nov 2007 11:34:51 +0530

On Nov 17, 2007 3:39 AM, Cirroc <cirroc@xxxxxxxxx> wrote:
> I have a series of machines connecting via VPN, and I'd like to block
> traffic going between them, but I can't seem to find a way to use
> iptables to filter what the server forwards, so I can limit to specific
> ports..
You need to set client-to-client off. Only then will the packets that
can be routed directly by OpenVPN come into iptables at ALL!!

So set client-to-client off and then do whatever you want in iptables.
If you're using shorewall, you'll need to set up routeback on that
interface :-).

If you're not already using shorewall to manage your firewall, take a
look. It's amazingly good to use, and will allow you to do simple
things easily, while leaving it possible to do very complex things
with less effort than otherwise. We use shorewall *very* extensively.
And Tom is the most helpful developer of OS software I've seen.
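
The following is an added example, not code from the thread or from the OpenVPN project, of what the advice above looks like in practice: with `client-to-client` present in server.conf, OpenVPN switches client-to-client packets internally and they never reach the kernel; with it removed, a packet from one client to another enters on the tun interface and leaves on the same tun interface, so it traverses the FORWARD chain and can be filtered there. Everything specific here is an assumption: the interface `tun0`, the pool `10.8.0.0/24`, the allowed ports TCP 22 and 443, the chain name `VPN_C2C`, and the config path `/etc/openvpn/server.conf`. The script prints the rules by default and only executes them when given `--apply`; it also warns if the config still contains the directive, since in that case the rules would never see any client traffic.

```shell
#!/bin/sh
# Added example, not code from the original thread. Assumptions (hypothetical):
#   - OpenVPN runs in "server" mode on tun0 handing out 10.8.0.0/24
#   - "client-to-client" has been removed from server.conf, so packets from
#     one client to another are handed to the kernel (in tun0, out tun0)
#     and traverse the FORWARD chain instead of being switched inside OpenVPN
#   - the only inter-client traffic we want to allow is TCP 22 and 443

VPN_IF="${VPN_IF:-tun0}"
VPN_NET="${VPN_NET:-10.8.0.0/24}"
ALLOW_TCP_PORTS="${ALLOW_TCP_PORTS:-22 443}"
CONF="${OPENVPN_CONF:-/etc/openvpn/server.conf}"

# DRY_RUN=1 (default) prints each iptables command instead of running it,
# so the ruleset can be reviewed without root. Pass --apply to execute.
DRY_RUN=1
if [ "${1:-}" = "--apply" ]; then DRY_RUN=0; fi

ipt() {
    if [ "$DRY_RUN" = 1 ]; then
        printf 'iptables %s\n' "$*"
    else
        iptables "$@"
    fi
}

# Returns 0 (true) if an uncommented client-to-client line is present in the
# config file given as $1. With that directive OpenVPN forwards client->client
# packets internally and iptables never sees them, so the rules below are moot.
client_to_client_enabled() {
    grep -Eq '^[[:space:]]*client-to-client([[:space:]]|$)' "$1"
}

# Emit (or apply) the FORWARD-chain policy for traffic between VPN clients.
vpn_forward_rules() {
    # A dedicated chain keeps the client<->client policy separate from the
    # rules that govern VPN -> LAN/Internet forwarding.
    ipt -N VPN_C2C 2>/dev/null || true   # ignore "chain exists" on re-run
    ipt -F VPN_C2C
    # Only packets that enter AND leave via the tun interface are client-to-client.
    ipt -A FORWARD -i "$VPN_IF" -o "$VPN_IF" -s "$VPN_NET" -d "$VPN_NET" -j VPN_C2C
    # Replies belonging to flows we already allowed.
    ipt -A VPN_C2C -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # New connections only to the allowed ports.
    for p in $ALLOW_TCP_PORTS; do
        ipt -A VPN_C2C -p tcp --dport "$p" -m conntrack --ctstate NEW -j ACCEPT
    done
    # Everything else between clients: rate-limited log, then drop.
    ipt -A VPN_C2C -m limit --limit 5/min -j LOG --log-prefix "vpn-c2c-drop: "
    ipt -A VPN_C2C -j DROP
}

# Sanity check: if the directive is still in the config, warn loudly.
if [ -f "$CONF" ] && client_to_client_enabled "$CONF"; then
    echo "warning: $CONF still contains client-to-client; FORWARD rules will never see client traffic" >&2
fi

vpn_forward_rules
```

Two things to watch when adapting this: the jump to `VPN_C2C` has to come before any blanket `-A FORWARD -i tun0 -j ACCEPT` you may already have (use `-I FORWARD` instead of `-A` if so), and `net.ipv4.ip_forward` must be on, which it already is if the server forwards VPN traffic anywhere at all. With shorewall in the picture, this is exactly the tun0-to-tun0 "routeback" case the reply mentions.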
