iptables not filtering client with static IP
Posted: Tue Jun 06, 2017 7:15 pm
With this combination I was expecting that testuser with IP 172.141.127.1 would be prevented from reaching my servers on 172.31.x.x.
What am I missing?
/etc/openvpn $ cat ccd/testuser
ifconfig-push 172.141.127.1 172.141.127.2
/etc/openvpn $ sudo iptables -nL --line-numbers
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    LOG        all  --  172.141.127.0/24     0.0.0.0/0            LOG flags 0 level 4 prefix `** ONO **'
2    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:1194
3    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22
4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:80

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     tcp  --  172.141.127.1        172.128.1.0/24       tcp
2    REJECT     tcp  --  172.141.127.0/24     0.0.0.0/0            tcp reject-with icmp-host-prohibited
3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
4    ACCEPT     all  --  172.31.0.0/16        0.0.0.0/0
5    ACCEPT     tcp  --  172.127.0.0/20       172.31.6.110         tcp dpt:22
6    REJECT     tcp  --  172.127.0.0/20       0.0.0.0/0            tcp dpt:22 reject-with icmp-host-prohibited
7    ACCEPT     all  --  172.127.0.0/20       0.0.0.0/0
8    ACCEPT     tcp  --  172.141.0.0/17       172.31.6.110         tcp dpt:22
9    REJECT     tcp  --  172.141.0.0/17       0.0.0.0/0            tcp dpt:22 reject-with icmp-host-prohibited
10   ACCEPT     all  --  172.141.0.0/17       0.0.0.0/0
11   REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination
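Editor's added example (not part of the original post or of OpenVPN itself): a small Python model of how netfilter walks the FORWARD chain above, first match wins. The rule list is transcribed from the posted output; the sample packets are constructed for illustration, and the model only knows protocol, source, destination, destination port and conntrack state (no interfaces, no NAT). It assumes the ccd entry is actually applied, i.e. the server config has `client-config-dir` pointing at that directory and the file name `testuser` equals the client's certificate CN, so that the client's packets really carry source 172.141.127.1. Two things the walk makes visible from the rules as posted: TCP from 172.141.127.1 to a 172.31.x.x host stops at rule 2 (REJECT), but UDP and ICMP from the same source pass rules 1 and 2 untouched (both match only tcp) and are accepted by rule 10, because 172.141.127.0/24 lies inside 172.141.0.0/17.

```python
"""First-match walk of the posted FORWARD chain (added example, not from
the original post). Rules transcribed from the iptables output; packets
below are constructed for illustration."""
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class Rule:
    target: str                   # ACCEPT / REJECT
    proto: str                    # "all", "tcp", "udp", "icmp"
    src: str                      # CIDR, as printed by iptables -n
    dst: str
    dport: Optional[int] = None   # None = any destination port
    state: Tuple[str, ...] = ()   # () = any conntrack state


# FORWARD chain exactly as listed in the post, rule 1 first.
FORWARD = [
    Rule("ACCEPT", "tcp", "172.141.127.1/32", "172.128.1.0/24"),
    Rule("REJECT", "tcp", "172.141.127.0/24", "0.0.0.0/0"),
    Rule("ACCEPT", "all", "0.0.0.0/0", "0.0.0.0/0", state=("RELATED", "ESTABLISHED")),
    Rule("ACCEPT", "all", "172.31.0.0/16", "0.0.0.0/0"),
    Rule("ACCEPT", "tcp", "172.127.0.0/20", "172.31.6.110/32", dport=22),
    Rule("REJECT", "tcp", "172.127.0.0/20", "0.0.0.0/0", dport=22),
    Rule("ACCEPT", "all", "172.127.0.0/20", "0.0.0.0/0"),
    Rule("ACCEPT", "tcp", "172.141.0.0/17", "172.31.6.110/32", dport=22),
    Rule("REJECT", "tcp", "172.141.0.0/17", "0.0.0.0/0", dport=22),
    Rule("ACCEPT", "all", "172.141.0.0/17", "0.0.0.0/0"),
    Rule("REJECT", "all", "0.0.0.0/0", "0.0.0.0/0"),
]
FORWARD_POLICY = "ACCEPT"   # chain policy from "Chain FORWARD (policy ACCEPT)"


def matches(rule: Rule, proto: str, src: str, dst: str,
            dport: Optional[int], state: str) -> bool:
    """Every match present on the rule must hold; an absent match means 'any'."""
    if rule.proto != "all" and rule.proto != proto:
        return False
    if ipaddress.ip_address(src) not in ipaddress.ip_network(rule.src):
        return False
    if ipaddress.ip_address(dst) not in ipaddress.ip_network(rule.dst):
        return False
    if rule.dport is not None and rule.dport != dport:
        return False
    if rule.state and state not in rule.state:
        return False
    return True


def evaluate(chain, proto, src, dst, dport=None, state="NEW",
             policy=FORWARD_POLICY):
    """Walk the chain top-down; the first matching rule's target is the verdict.
    Returns (rule_number, target), or (None, policy) if nothing matched."""
    for num, rule in enumerate(chain, start=1):
        if matches(rule, proto, src, dst, dport, state):
            return num, rule.target
    return None, policy


# Constructed packets: testuser (172.141.127.1 per the ccd file) talking to a
# 172.31.x.x server, plus two hypothetical neighbours for contrast.
SAMPLE_PACKETS = [
    ("tcp",  "172.141.127.1", "172.31.6.110", 22,   "NEW"),
    ("tcp",  "172.141.127.1", "172.31.6.110", 80,   "NEW"),
    ("udp",  "172.141.127.1", "172.31.6.110", 53,   "NEW"),
    ("icmp", "172.141.127.1", "172.31.6.110", None, "NEW"),
    ("tcp",  "172.141.127.1", "172.128.1.7",  443,  "NEW"),
    ("tcp",  "172.141.5.5",   "172.31.6.111", 22,   "NEW"),
    ("tcp",  "172.141.200.5", "172.31.6.110", 22,   "NEW"),
]


def verdicts():
    """Map each sample packet to the (rule_number, target) it hits."""
    return {pkt: evaluate(FORWARD, *pkt) for pkt in SAMPLE_PACKETS}


if __name__ == "__main__":
    for (proto, src, dst, dport, state), (num, target) in verdicts().items():
        port = "" if dport is None else f":{dport}"
        print(f"{proto:4} {src:>14} -> {dst}{port:<6} {state:11} rule {num}: {target}")
```

To compare the model with the live box, `iptables -nvL FORWARD --line-numbers` shows per-rule packet and byte counters, so one can see which rule the client's traffic really increments, and `tcpdump -ni tun0` (tun0 being the assumed tunnel interface name) shows the source address the packets actually carry after OpenVPN has assigned the client its tunnel IP.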