iptables rules to restrict client access to a single ip

Scripts with setup, destroy, and modify routing tables and firewall rulesets for client connections.

Moderators: TinCanTech

psirek
OpenVpn Newbie
Posts: 1
Joined: Wed Oct 15, 2014 12:11 pm

iptables rules to restrict client access to a single ip

Post by psirek » Wed Oct 15, 2014 12:30 pm

I have a working OpenVPN setup on my VPS box, that means that I can connect and browse the internet using the VPS external IP address. I am using the following iptables rules:

iptables -A INPUT -p udp -m state --state NEW -m udp --dport 1194 -j ACCEPT
iptables -A FORWARD -s 192.168.88.0/24 -j ACCEPT
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.88.0/24 -j SNAT --to-source <PUBLIC_VPN_IP>
I want to restrict access to the server so only a single client ip address can access it:

iptables -A INPUT -s <Client_IP> -p udp -m state --state NEW -m udp --dport 1194 -j ACCEPT
iptables -A FORWARD -s 192.168.88.0/24 -j ACCEPT
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.88.0/24 -j SNAT --to-source <PUBLIC_VPN_IP>
However this does not work, I cannot connect at all. I have used the "-s" switch in other simpler iptables rules and it works perfectly. Any help or pointers would be greatly appreciated.
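An added example, not from psirek's post or from OpenVPN's own scripts: the restricted ruleset above as a complete script with deny-by-default policies, loopback and reply traffic admitted before the port rule, and the client restriction on UDP/1194. The client, VPN subnet and public addresses are constructed placeholders, and setting IPT=echo prints the commands instead of applying them (a dry run that also shows whether the `-s` rule is well-formed before it touches a live box).

```shell
#!/bin/sh
# Added example: single-client OpenVPN server ruleset (not the original post's script).
# CLIENT_IP, VPN_NET and PUBLIC_VPN_IP are constructed placeholders (RFC 5737 ranges).
CLIENT_IP="${CLIENT_IP:-203.0.113.10}"
VPN_NET="${VPN_NET:-192.168.88.0/24}"
PUBLIC_VPN_IP="${PUBLIC_VPN_IP:-198.51.100.5}"
# IPT defaults to the real binary; IPT=echo turns the script into a dry run.
IPT="${IPT:-iptables}"

apply_rules() {
    # Start from a clean slate with deny-by-default policies on INPUT and FORWARD.
    $IPT -F
    $IPT -t nat -F
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT
    # Loopback and reply packets must be accepted before any port-specific rule,
    # otherwise the VPN handshake replies themselves are dropped.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    # Only the named client may open a new UDP/1194 session.
    # Note the space between the address and -p; "$CLIENT_IP-p" is one bad token.
    $IPT -A INPUT -s "$CLIENT_IP" -p udp --dport 1194 -m state --state NEW -j ACCEPT
    # Forward traffic arriving from the VPN subnet on the tunnel interface, plus replies.
    $IPT -A FORWARD -i tun0 -s "$VPN_NET" -j ACCEPT
    $IPT -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
    # Source-NAT tunnel traffic to the VPS public address so replies come back to it.
    $IPT -t nat -A POSTROUTING -s "$VPN_NET" -j SNAT --to-source "$PUBLIC_VPN_IP"
}

# Apply only when asked explicitly, so sourcing the file never changes a live firewall.
if [ "${1:-}" = "--apply" ]; then
    apply_rules
fi
```

Run `IPT=echo sh rules.sh --apply` first to review the exact commands, then as root without IPT set to apply them.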
