Block clients from accessing TCP port on server?

Posted: Sun Aug 22, 2021 3:48 pm
by muzicman0
I have been trying to figure out a way to block clients from accessing a specific port on the OpenVPN server itself. I assume I need to use IPTables, but I just can't get my head wrapped around it. I also assume it should be applied to the tun0 interface, but I am not 100% sure on that.

An example would be I need to block 10.8.0.6 (the client's OpenVPN address) from reaching TCP port 4555 on the actual OpenVPN server.

Can anyone help out with this?

Re: Block clients from accessing TCP port on server?

Posted: Sun Aug 22, 2021 6:05 pm
by Pippin
I also assume it should be applied to the tun0 interface
Indeed, take a look here:
https://community.openvpn.net/openvpn/w ... acketsFlow

Re: Block clients from accessing TCP port on server?

Posted: Sun Aug 22, 2021 6:36 pm
by muzicman0
This (and variations) is what I have tried, and nothing seems to work. I even tried UDP just to make sure I wasn't wrong on the protocol.

iptables -A FORWARD -i tun0 -p tcp --destination-port 4555 -s 10.8.0.6 -j DROP
iptables -A INPUT -i tun0 -p tcp --destination-port 4555 -s 10.8.0.6 -j DROP

Any help would be greatly appreciated, and thanks for the response.

For reasons I won't go into, I need to open up the management of OpenVPN to something other than localhost, but ultimately, it ends up that all the clients are able to access it as well. So that is what I am trying to block (but I want my client to actually be able to access it).

(and before anyone asks, the IP addresses, ports, etc are not real - just an example that I can use to extrapolate the info)

Re: Block clients from accessing TCP port on server?

Posted: Mon Aug 23, 2021 9:25 pm
by muzicman0
So it turned out I had a rule in UFW that was allowing my port through. Once I deleted the UFW rule, it started working as I expected. The final rule was:

iptables -A INPUT -i tun0 -p tcp --destination-port 4555 -s 10.8.0.6 -j ACCEPT

Which allows only my client to get to that port, and all the rest are dropped (default policy on INPUT is DROP).
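The two states described in this thread (the DROP shadowed by an earlier UFW allow, then the single ACCEPT under a default-DROP policy) come down to netfilter's first-match evaluation. The following is an added model of that evaluation, not code from the thread or from OpenVPN; the interface, port and 10.8.0.6 are the thread's own illustrative values, and 10.8.0.10 is a constructed second client.

```python
# Added model (not from the thread) of netfilter's first-match chain evaluation.
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    target: str                      # ACCEPT or DROP
    in_iface: Optional[str] = None   # -i
    proto: Optional[str] = None      # -p
    src: Optional[str] = None        # -s
    dport: Optional[int] = None      # --dport (unset fields are wildcards)

@dataclass(frozen=True)
class Packet:
    in_iface: str
    proto: str
    src: str
    dport: int

def matches(rule: Rule, pkt: Packet) -> bool:
    """Every match the rule specifies must agree with the packet."""
    pairs = ((rule.in_iface, pkt.in_iface), (rule.proto, pkt.proto),
             (rule.src, pkt.src), (rule.dport, pkt.dport))
    return all(want is None or want == got for want, got in pairs)

def verdict(chain: list, policy: str, pkt: Packet) -> str:
    """The first matching rule decides; otherwise the chain policy applies."""
    for rule in chain:
        if matches(rule, pkt):
            return rule.target
    return policy

MGMT = 4555                                              # thread's example port
MY_CLIENT = Packet("tun0", "tcp", "10.8.0.6", MGMT)      # thread's example client
OTHER_CLIENT = Packet("tun0", "tcp", "10.8.0.10", MGMT)  # constructed second client
# Situation the poster first hit: a UFW allow for the port is evaluated before the
# appended DROP, so the DROP never fires and every client reaches the port.
BROKEN_INPUT = [
    Rule("ACCEPT", proto="tcp", dport=MGMT),
    Rule("DROP", in_iface="tun0", proto="tcp", src="10.8.0.6", dport=MGMT),
]
# Final arrangement: one ACCEPT for the trusted client on tun0, chain policy DROP.
FINAL_INPUT = [Rule("ACCEPT", in_iface="tun0", proto="tcp", src="10.8.0.6", dport=MGMT)]

def broken_outcome() -> tuple:
    return verdict(BROKEN_INPUT, "DROP", MY_CLIENT), verdict(BROKEN_INPUT, "DROP", OTHER_CLIENT)

def final_outcome() -> tuple:
    return verdict(FINAL_INPUT, "DROP", MY_CLIENT), verdict(FINAL_INPUT, "DROP", OTHER_CLIENT)
```

On a real host the same check is `iptables -L INPUT -n --line-numbers`, which shows whether a UFW jump or allow sits above a rule appended with `-A`.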