Iptables on Client w/OpenVPN
Rashkae
ubuntu at tigershaunt.com
Fri Feb 12 14:11:22 UTC 2010
Chris wrote:
> Greetings,
>
> Here's my situation:
>
> I want to deny all incoming on my PC but want to allow my OVPN client
> to access a remote OVPN server.
>
> My PC just has the one NIC and goes to a cable modem. Nothing real
> fancy.
>
> Any pointers or examples would be greatly appreciated!
>
> TIA
>
Lots of choice, I present 3.

Firestarter has a great GUI for simple firewall configurations. You
have to install it.

Ubuntu comes with a pre-configured firewall, but it is disabled by default.
To use it, sudo gedit /etc/ufw/ufw.conf and set Enable to yes.

And finally: the masochist way (often my favorite)

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -P INPUT DROP

This, of course, assumes that when you say you want to block all
incoming connections, you actually mean to allow connections that your
computer initiates... if you really want to prevent your computer from
receiving any packets from the net whatsoever...

iptables -A INPUT -p udp --dport ##### -s ipaddress -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -P INPUT DROP

The ##### needs to be set to a port number you configure your ovpn
client to use all the time, and ipaddress is the address of the ovpn server.

Oh, I almost forgot, you'll also want to allow incoming connections from
the ovpn connection, so you'll also need something like:

/sbin/iptables -A INPUT -i tun+ -j ACCEPT

And you'll also probably want to do something about ip6:

/sbin/ip6tables -A INPUT -i lo -j ACCEPT
ip6tables -A INPUT -i tun+ -j ACCEPT
/sbin/ip6tables -P INPUT DROP
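
The rules from the reply above, gathered into one iptables-restore ruleset so that the DROP policy and the ACCEPT rules load together (an added example, not part of the original post). The function name, the mode names and leaving FORWARD and OUTPUT at ACCEPT are assumptions; the strict mode takes the server address and the client's fixed local UDP port as arguments and rejects anything that is not a plain IPv4 address or port number.

```shell
#!/bin/sh
# Added example, not from the post. ovpn_ruleset and its mode names are
# hypothetical; FORWARD/OUTPUT stay at ACCEPT because the post leaves them alone.

valid_ipv4() {  # four dot-separated decimal octets, each 0-255
    printf '%s\n' "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++)
            if ($i !~ /^[0-9]+$/ || length($i) > 3 || $i > 255) exit 1 }'
}

valid_port() {  # decimal integer 1-65535
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Usage: ovpn_ruleset stateful | v6 | strict SERVER_IP LOCAL_UDP_PORT
ovpn_ruleset() {
    mode=${1-} server=${2-} port=${3-}
    case "$mode" in
        stateful|v6) ;;
        strict)
            valid_ipv4 "$server" || { echo "bad server address: $server" >&2; return 2; }
            valid_port "$port" || { echo "bad port: $port" >&2; return 2; }
            ;;
        *) echo "unknown mode: $mode" >&2; return 2 ;;
    esac
    echo '*filter'
    echo ':INPUT DROP [0:0]'        # same as -P INPUT DROP, loaded with the rules
    echo ':FORWARD ACCEPT [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -i tun+ -j ACCEPT'
    case "$mode" in
        stateful) echo '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT' ;;
        # strict: only the server may reach the client's fixed local UDP port;
        # every other packet arriving outside the tunnel is dropped.
        strict) echo "-A INPUT -s $server -p udp --dport $port -j ACCEPT" ;;
    esac
    echo 'COMMIT'
}

if [ "$#" -gt 0 ]; then ovpn_ruleset "$@"; fi
```

Pipe the output to `iptables-restore --test` (or `ip6tables-restore --test` for the `v6` mode) to parse it without committing; loading it without `--noflush` replaces the existing contents of the filter table.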
More information about the ubuntu-users mailing list