What's new
By:

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

iptables for dummies please?

  • Thread starter Thread starter Deleted member 27741
  • Start date Start date
D

Deleted member 27741

Guest
Let's say these are the first five iptables rules. Can anyone tell me if my explantion is wrong?

Chain INPUT
num__target___ prot__opt__in____out __source______destination
1 ____ACCEPT__all ___-- __tap22 _any __anywhere____anywhere
2 ____ACCEPT__udp__-- __any___any __anywhere____anywhere___udp dpt:www
3 ____ACCEPT__all___-- __tap21 _any___anywhere____anywhere
4 ____ACCEPT__tcp___-- __any__any ___anywhere ___anywhere___tcp dpt:https
5 ____logdrop__all___-- __eth0__any___141.212.122.0/24_anywhere

Rule #1 accept packet from anywhere of any protocol coming to openvpnserver2 and send them anywhere.
Rule #2 accept udp packets from anywhere to port 80 to any interface send out any interface to anywhere.
Rule #3 from anywhere accept packets of any protocol coming to openvpnserver1 and send them anywhere.
Rule #4 accept tcp packets from anywhere to port 443 to any interface send out any interface to anywhere.
Rule # 5 logdrop packets of any protocol coming to the wan interface from source 141.212.122.0/24

Question- would it be a good/bad idea to restrict rules 1 and 3 to the openvpnserver listening ports? Restrict to tcp/udp depending on openvpnserver procotol?

How do I go about changing default iptables?
 
Last edited by a moderator:
000111 said:
Question- would it be a good/bad idea to restrict rules 1 and 3 to the openvpnserver listening ports?
Click to expand...
No. Think about it.

tap21/22 are tunnels so you want them to carry ALL of your usual type of traffic, i.e. http, https, ftp, etc.

The VPN listening port (1194 I think?) is on the WAN interface (eth0).

Sorry, that's not a very clear explanation. :oops:
 
You must log in or register to reply here.

Similar threads

F
Understanding IPTABLES - asus ROG ax6000
Replies
17
Views
1K
ColinTaylor
C
M
AdGuardHome IPTables blocking TLS port 853 from other hosts
Replies
3
Views
975
dave14305
dave14305
P
Tutorial Subnetting isolation without a VLAN switch
Replies
6
Views
1K
Justinh
J
P
Subnetting LAN isolation
Replies
2
Views
1K
Pixwert
P
A
Policy-based port routing to bypass NordVPN client
Replies
10
Views
2K
Don->
D
Similar threads
Thread starter Title Forum Replies Date
J RT-AC88U drops the OpenVPN inbound ACCEPT iptables rule after a time Asuswrt-Merlin 14
J Curious behaviour after opening ports with iptables - RTAX86U - Asus Wrt Merlin Asuswrt-Merlin 6
S Custom IPTables and EBTables CLI after GUI reprovisioning Asuswrt-Merlin 1
r000t Hardcoded Google DNS IPTABLES rule Asuswrt-Merlin 6
F Understanding IPTABLES - asus ROG ax6000 Asuswrt-Merlin 17
SkierInAvon Asus Merlin - iptables command (not working?) Asuswrt-Merlin 8
v.y.k iptables pkts & bytes numbers are too low on Merlin 3004.388 Asuswrt-Merlin 13
el_pedr0 Please harmonise killswitch behaviour Asuswrt-Merlin 1
kaotic2499 Please add Asuswrt-merlin to GT-BE98 (Non-pro) version Asuswrt-Merlin 22
el_pedr0 Please help me diagnose knotty routing problem Asuswrt-Merlin 4

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 470 (members: 15, guests: 455)
Back
Top