On Sun, 14 Dec 2014 22:11:43 +0100, Stanislav Baiduzhyi wrote:
> On Sunday 14 December 2014 21:57:38 Andrei Borzenkov wrote:
>> You will need to allow traffic to/from your VPN peer and to/from your VPN device; everything else can be blocked. You can limit VPN peer traffic to OpenVPN ports to be fully paranoid.
> I tried to do that, here's what I came up with:
> /usr/sbin/iptables -A OUTPUT -o eth0 -j REJECT
This rule blocks everything. The first rule that applies to a packet wins, so you need to put the exceptions first and the rule that blocks everything last.
> /usr/sbin/iptables -A OUTPUT -o eth0 -p udp --dport 443 -j ACCEPT
> /usr/sbin/iptables -A INPUT -i eth0 -p udp --sport 443 -j ACCEPT
> But as soon as that script is executed the openvpn connection drops. Which is kind of obvious, but I cannot find a proper solution on Google... Any hints? :)
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
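As an added example (not code from this thread), here is a script that appends the exceptions before the catch-all, in the order Andrei describes; the peer address, UDP port 443, tun0 and eth0 are assumptions/placeholders, and DRY_RUN=1 prints the rules instead of applying them:

```shell
#!/bin/sh
# Added example, not from the thread. Assumed: VPN peer address in VPN_PEER
# (placeholder), OpenVPN on UDP 443, tunnel interface tun0, uplink eth0.
VPN_PEER="${VPN_PEER:-192.0.2.10}"   # placeholder documentation address
VPN_PORT="${VPN_PORT:-443}"
WAN_IF="${WAN_IF:-eth0}"
TUN_IF="${TUN_IF:-tun0}"
IPT="${IPT:-/usr/sbin/iptables}"

# Runs one iptables invocation, or prints it when DRY_RUN is set.
run() {
    if [ -n "$DRY_RUN" ]; then printf '%s\n' "$IPT $*"; else "$IPT" "$@"; fi
}

# Appends the rules in the order they must be evaluated: exceptions first,
# the catch-all block last, because the first matching rule wins.
build_rules() {
    # 1. Everything inside the tunnel is allowed.
    run -A OUTPUT -o "$TUN_IF" -j ACCEPT
    run -A INPUT  -i "$TUN_IF" -j ACCEPT
    # 2. The encapsulated OpenVPN session to the peer and its replies
    #    (a stricter variant matches replies with -m conntrack --ctstate ESTABLISHED).
    run -A OUTPUT -o "$WAN_IF" -d "$VPN_PEER" -p udp --dport "$VPN_PORT" -j ACCEPT
    run -A INPUT  -i "$WAN_IF" -s "$VPN_PEER" -p udp --sport "$VPN_PORT" -j ACCEPT
    # 3. Only now block everything else on the uplink.
    run -A OUTPUT -o "$WAN_IF" -j REJECT
    run -A INPUT  -i "$WAN_IF" -j DROP
}

# Returns 0 when no ACCEPT rule would be appended after a REJECT/DROP rule.
check_order() {
    DRY_RUN=1 build_rules | awk '
        /-j ACCEPT/ { if (seen_block) bad = 1 }
        /-j (REJECT|DROP)/ { seen_block = 1 }
        END { exit bad }'
}

case "${1:-}" in
    apply) [ -n "$DRY_RUN" ] || [ "$(id -u)" -eq 0 ] || { echo "run as root or set DRY_RUN=1" >&2; exit 1; }
           build_rules ;;
    check) check_order && echo "rule order ok" ;;
esac
```

Run `DRY_RUN=1 sh script.sh apply` to see the ordered rules, and `sh script.sh check` to verify that no ACCEPT lands after the catch-all.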