Iptables - Configuring client-specific rules

Posted: Fri Nov 08, 2019 11:04 am
by sdighi
I have this configuration for OpenVPN.
ip lan:
ip tun:

I have this iptables config:

# Flushing all rules
iptables -F FORWARD
iptables -F INPUT
iptables -F OUTPUT
iptables -X

# Setting default filter policy
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

# Allow unlimited traffic on loopback
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# Accept outbound on the primary interface
iptables -I OUTPUT -o ens192 -d -j ACCEPT

# Accept inbound TCP packets
iptables -I INPUT -i ens192 -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow incoming SSH
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -s -j ACCEPT

# Allow incoming OpenVPN
iptables -A INPUT -p udp --dport 1194 -m state --state NEW -s -j ACCEPT

# Enable NAT for the VPN
iptables -t nat -A POSTROUTING -s -o ens192 -j MASQUERADE

# Allow TUN interface connections to OpenVPN server
iptables -A INPUT -i tun0 -j ACCEPT

# Allow TUN interface connections to be forwarded through other interfaces
iptables -A FORWARD -i tun0 -j ACCEPT
iptables -A OUTPUT -o tun0 -j ACCEPT
iptables -A FORWARD -i tun0 -o ens192 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i ens192 -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT

# Allow outbound access to all networks on the Internet from the VPN
iptables -A FORWARD -i tun0 -s -d -j ACCEPT

# Block client-to-client routing on the VPN
iptables -A FORWARD -i tun0 -s -d -j DROP

OpenVPN is configured to assign static IPs to the clients (,, etc.).

I want to permit only communication to certain IPs in the network.
Example: -> -> -> all network

I read this: ... -policies/
but the configuration does not work.
Can anybody help me? Thanks.
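Added example, not from the original post: a small POSIX shell script that generates per-client FORWARD rules for OpenVPN clients with static tun addresses, in a dedicated chain with a default deny, so the rule set can be reviewed before it is applied. The VPN subnet 10.8.0.0/24, the LAN 192.168.1.0/24, the client and host addresses and the policy table are constructed placeholders; ens192 and tun0 are the interface names from the post.

```shell
#!/bin/sh
# Added example, not from the original post. Prints iptables commands that
# implement per-client forwarding rules for OpenVPN clients with static tun
# addresses. Review the output, then apply it as root.
# All addresses below are constructed placeholders.
VPN_NET="10.8.0.0/24"      # assumed OpenVPN tun subnet
LAN_NET="192.168.1.0/24"   # assumed LAN behind the VPN server
VPN_IF="tun0"              # interface names taken from the post
LAN_IF="ens192"

# Policy table, one client per line: "<client tun IP> <allowed LAN hosts...>"
# The word "all" grants the client the whole LAN_NET.
POLICY='
10.8.0.10 192.168.1.20
10.8.0.11 192.168.1.20 192.168.1.21
10.8.0.12 all
'

gen_rules() {
    # Dedicated chain: create it, or flush it if it already exists, so the
    # policy can be regenerated without touching the rest of FORWARD.
    echo "iptables -N VPN_CLIENTS 2>/dev/null || iptables -F VPN_CLIENTS"
    # Replies to flows that were already accepted
    echo "iptables -A VPN_CLIENTS -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Client-to-client traffic is dropped before any allow rule is reached
    echo "iptables -A VPN_CLIENTS -s $VPN_NET -d $VPN_NET -j DROP"
    printf '%s\n' "$POLICY" | while read -r client dests; do
        [ -n "$client" ] || continue
        for dst in $dests; do
            if [ "$dst" = all ]; then dst="$LAN_NET"; fi
            echo "iptables -A VPN_CLIENTS -s $client -d $dst -o $LAN_IF -j ACCEPT"
        done
    done
    # Default deny for everything not listed above, rate-limited log for detection
    echo "iptables -A VPN_CLIENTS -m limit --limit 5/min -j LOG --log-prefix 'VPN-DENY: '"
    echo "iptables -A VPN_CLIENTS -j DROP"
    # Hook the chain at the top of FORWARD for packets arriving from the tunnel
    echo "iptables -C FORWARD -i $VPN_IF -j VPN_CLIENTS 2>/dev/null || iptables -I FORWARD 1 -i $VPN_IF -j VPN_CLIENTS"
}

# Review:  sh vpn-rules.sh        Apply as root:  sh vpn-rules.sh | sh
gen_rules
```

The chain is inserted at position 1 of FORWARD because the blanket "iptables -A FORWARD -i tun0 -j ACCEPT" in the post would otherwise accept every forwarded packet before a client-specific rule is ever consulted; remove that rule and the later -s/-d FORWARD rules it shadows once the chain is in place.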

Re: Iptables - Configuring client-specific rules

Posted: Wed Nov 13, 2019 9:34 am
by sdighi
The configuration required is related to iptables, thanks.