iptables - OUTPUT DROP not allowed?
Posted: Mon Sep 26, 2011 8:42 pm
So I have openVPN AS installed with default DROP for INPUT, OUTPUT and FORWARD.
I explicitly allow what needs to be entered for each. However, I can't connect to the VPN Server using the openVPN Connect software nor access https://IP_ADDRESS.
I can log in to the web address via https://IP_ADDRESS:943/admin
So I changed the default OUTPUT to ACCEPT and everything works. However, I want to control what goes out.
What can I add to the iptables 'OUTPUT' chain to allow my connections explicitly?
Right now I have
....
-A OUTPUT -o eth0 -p tcp --sport 443 -m state --state ESTABLISHED -j ACCEPT
-A OUTPUT -o eth0 -p tcp --sport 943 -m state --state ESTABLISHED -j ACCEPT
-A OUTPUT -o eth0 -p udp --sport 1194 -m state --state ESTABLISHED -j ACCEPT
....