iptables AS0_IN_PRE questions.

Business solution to host your own OpenVPN server with web management interface and bundled clients.
seandex
OpenVpn Newbie
Posts: 14
Joined: Mon Jun 20, 2016 5:00 pm

Post by seandex » Mon Feb 26, 2018 12:51 am

Are these necessary if I don't follow RFC1918 on the client?

AS0_IN all -- anywhere link-local/16
AS0_IN all -- anywhere 192.168.0.0/16
AS0_IN all -- anywhere 172.16.0.0/12
AS0_IN all -- anywhere 10.0.0.0/8

I'm thinking about dropping it because of spoofing and bad IP attacks.
What do you think?

novaflash
OpenVPN Inc.
Posts: 1073
Joined: Fri Apr 13, 2012 8:43 pm

Re: iptables AS0_IN_PRE questions.

Post by novaflash » Fri Mar 02, 2018 11:29 am

Hi seandex,

As far as I know, it's not supported to manually alter iptables rules on Access Server; you may cause unexpected problems. But I mean, sure, if you think you know what you're doing, go ahead and try it. Test everything afterwards and if everything checks out, great. But beware that whenever you make changes to the configuration or the Access Server restarts or reloads settings, these rules will very likely be added in again automatically.
I'm still alive, just posting under the openvpn_inc alias now as part of a larger group.
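
One way to check whether the rules have come back after a restart or reload, as an added example that is not part of the original thread and not OpenVPN's own code: it parses `iptables -S` style output and reports which of the four destinations from the listing are missing from the chain. The sample rule lines are constructed, the chain name is taken from the thread title, and link-local/16 is written as 169.254.0.0/16.

```python
import ipaddress
import shlex

# Destinations from the listing in the question (link-local/16 = 169.254.0.0/16).
EXPECTED = {ipaddress.ip_network(n) for n in
            ("169.254.0.0/16", "192.168.0.0/16", "172.16.0.0/12", "10.0.0.0/8")}

def chain_destinations(rules_text, chain="AS0_IN_PRE", target="AS0_IN"):
    """Destination networks of rules in `chain` that jump to `target`."""
    found = set()
    for line in rules_text.splitlines():
        try:
            tok = shlex.split(line, comments=True)  # handles quoted --comment text
        except ValueError:
            continue  # unbalanced quote: not a rule line we can read
        if tok[:2] != ["-A", chain] or "-d" not in tok or "-j" not in tok:
            continue
        d, j = tok.index("-d"), tok.index("-j")
        # A negated match ("! -d net") is a different rule; do not count it.
        if tok[d - 1] == "!" or d + 1 >= len(tok) or j + 1 >= len(tok):
            continue
        if tok[j + 1] == target:
            found.add(ipaddress.ip_network(tok[d + 1], strict=False))
    return found

def drift(rules_text):
    """Compare the chain against the four destinations from the listing."""
    present = chain_destinations(rules_text)
    return {"missing": sorted(str(n) for n in EXPECTED - present),
            "unexpected": sorted(str(n) for n in present - EXPECTED)}

# Constructed sample: the chain as shown in the question.
SAMPLE_DEFAULT = """\
-N AS0_IN_PRE
-A AS0_IN_PRE -d 169.254.0.0/16 -j AS0_IN
-A AS0_IN_PRE -d 192.168.0.0/16 -j AS0_IN
-A AS0_IN_PRE -d 172.16.0.0/12 -j AS0_IN
-A AS0_IN_PRE -d 10.0.0.0/8 -j AS0_IN
"""
# Constructed sample: the chain after a manual edit that removed three rules.
SAMPLE_EDITED = """\
-N AS0_IN_PRE
-A AS0_IN_PRE -d 10.0.0.0/8 -j AS0_IN
"""

if __name__ == "__main__":
    print("default:", drift(SAMPLE_DEFAULT))
    print("edited: ", drift(SAMPLE_EDITED))
```

On a live host, pass the output of `iptables -S AS0_IN_PRE` to `drift()` before and after a restart; an empty `missing` list after the restart means the rules were added back.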
