routing only http traffic to specific server

Posted: Thu Sep 03, 2015 1:24 am
by carilwang
I used these two rules, and they work.
iptables -t filter -A FORWARD -i tun0 -o eth0 -s 10.8.0.0/24 -d 192.168.1.100 -m state --state NEW -j ACCEPT
iptables -t filter -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

But I want to put more restriction on it, so I changed it to
iptables -t filter -A FORWARD -p tcp -i tun0 -o eth0 -s 10.8.0.0/24 -d 192.168.1.100 --dport 80 -m state --state NEW -j ACCEPT
iptables -t filter -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

It stops working at this point.

Re: routing only http traffic to specific server

Posted: Thu Sep 03, 2015 3:45 pm
by maikcat
While I don't know what exactly you are trying to do, keep in mind that:

iptables rules are read sequentially; the first match is applied.

If none of your rules match, then the default is applied.

So, without posting the complete ruleset used, no one knows why your rules fail.
Also, -A is for APPENDING a rule; keep in mind the sequential thing I said...


Michael.

Re: routing only http traffic to specific server

Posted: Thu Sep 03, 2015 8:28 pm
by carilwang
I don't think that should be related to my other rules, since the first two rules work, which means the packet is not getting blocked before hitting these rules. Also, what I changed is only adding more restriction to only allow TCP to remote port 80, which is what I am currently using. If it gets blocked, does that mean the traffic is not using TCP?
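To illustrate the first-match evaluation Michael describes and the question in the last post, here is an added example (not code from the thread) that models the two FORWARD rulesets above in Python and shows which constructed sample packets each one accepts. It assumes a FORWARD chain policy of DROP and leaves out the -i tun0 / -o eth0 interface matches.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Packet:
    proto: str                  # "tcp", "udp" or "icmp"
    src: str                    # source IP
    dst: str                    # destination IP
    dport: Optional[int] = None # destination port (tcp/udp only)
    state: str = "NEW"          # conntrack state: NEW, ESTABLISHED or RELATED

@dataclass(frozen=True)
class Rule:
    target: str                         # -j ACCEPT / DROP
    proto: Optional[str] = None         # -p
    src: Optional[str] = None           # -s (host or CIDR)
    dst: Optional[str] = None           # -d (host or CIDR)
    dport: Optional[int] = None         # --dport
    states: Optional[frozenset] = None  # -m state --state
    def matches(self, p: Packet) -> bool:
        # Interface matches (-i tun0 -o eth0) are left out of this model.
        return ((self.proto is None or p.proto == self.proto)
                and (self.src is None or ip_address(p.src) in ip_network(self.src))
                and (self.dst is None or ip_address(p.dst) in ip_network(self.dst))
                and (self.dport is None or p.dport == self.dport)
                and (self.states is None or p.state in self.states))

def evaluate(chain, pkt, policy="DROP"):
    """Walk the chain top to bottom: first match wins, else the chain policy applies."""
    for rule in chain:
        if rule.matches(pkt):
            return rule.target
    return policy

REPLIES = Rule("ACCEPT", states=frozenset({"RELATED", "ESTABLISHED"}))
ORIGINAL = [Rule("ACCEPT", src="10.8.0.0/24", dst="192.168.1.100",
                 states=frozenset({"NEW"})), REPLIES]
RESTRICTED = [Rule("ACCEPT", proto="tcp", src="10.8.0.0/24", dst="192.168.1.100",
                   dport=80, states=frozenset({"NEW"})), REPLIES]

# Constructed sample packets; a FORWARD chain policy of DROP is assumed.
SAMPLES = {
    "http_to_server": Packet("tcp", "10.8.0.5", "192.168.1.100", 80),
    "https_to_server": Packet("tcp", "10.8.0.5", "192.168.1.100", 443),
    "dns_to_server": Packet("udp", "10.8.0.5", "192.168.1.100", 53),
    "http_to_other_host": Packet("tcp", "10.8.0.5", "192.168.1.200", 80),
    "server_reply": Packet("tcp", "192.168.1.100", "10.8.0.5", 45000, "ESTABLISHED"),
}
def compare():  # verdict as (original, restricted) for every sample packet
    return {n: (evaluate(ORIGINAL, p), evaluate(RESTRICTED, p)) for n, p in SAMPLES.items()}
```

Anything that is not a NEW TCP connection to port 80 on 192.168.1.100 (UDP, other ports, other hosts) falls through both rules to the chain policy under the restricted set, which is why checking what protocol the client actually sends is the right next step.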