iptables - OUTPUT DROP not allowed?

Ask questions about your Access Server configuration here.
Post Reply
unplugme71
OpenVpn Newbie
Posts: 1
Joined: Mon Sep 26, 2011 8:39 pm

iptables - OUTPUT DROP not allowed?

Post by unplugme71 » Mon Sep 26, 2011 8:42 pm

So I have openVPN AS installed with default DROP for INPUT OUTPUT and FORWARD.

I explicity allow what needs to be entered for each. However, I can't connect to the VPN Server using the openVPN Connect software nor access https://IP_ADDRESS.

I can log in to the web address via https://IP_ADDRESS:943/admin

So I changed the default OUTPUT to ACCEPT and everything works. However, I want to control what goes out.

What can I add to the iptables 'OUTPUT' chain to allow my connections explicitly?

Right now I have

....
-A OUTPUT -o eth0 -p tcp --sport 443 -m state --state ESTABLISHED -j ACCEPT
-A OUTPUT -o eth0 -p tcp --sport 943 -m state --state ESTABLISHED -j ACCEPT
-A OUTPUT -o eth0 -p upd --sport 1194 -m state --state ESTABLISHED -j ACCEPT
....

Post Reply