I have set up a VPN to a private service provider using OpenVPN. This setup uses the VPN as the default gateway.

It all works fine, but when I try to apply some basic iptables rules to filter traffic in and out of the tunnel, I don't seem to be able to affect the inbound traffic. Outbound filtering appears to work fine, though.

I suppose my iptables rules refer to tun12, which for output can be filtered happily, but inbound I would only see the UDP traffic on port 1194, as it's still encrypted. I'm working with the FORWARD table at the moment.

How do I go about applying iptables filtering inbound?
root@router# iptables -nvL FORWARD
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 DOTHIS-IN all -- tun12 * 0.0.0.0/0 0.0.0.0/0 state NEW
11323 780K DOTHIS-OUT all -- * tun12 0.0.0.0/0 0.0.0.0/0 state NEW
NOTE: this is happening only when I match on state NEW. If I remove the match, the iptables rules work fine.

root@router# iptables -nvL FORWARD
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 DOTHIS-IN all -- tun12 * 0.0.0.0/0 0.0.0.0/0 state NEW
6154K 8071M DOTHIS-IN all -- tun12 * 0.0.0.0/0 0.0.0.0/0

NOTE 2: the tunnel is NAT enabled.
Thanks!
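The following is an added example, not part of the original question or the OpenVPN project: a FORWARD chain layout for a router that NATs LAN traffic into an OpenVPN tunnel, written as a shell script that emits the ruleset in iptables-restore format so it can be reviewed without root. The interface name tun12 and the chain names DOTHIS-IN/DOTHIS-OUT come from the question; the ports allowed in each chain, the LOG prefix and the TUN environment variable are assumptions for illustration. The point it shows: on a NAT router, packets coming back down the tunnel are replies to connections the LAN started, which conntrack classifies as ESTABLISHED or RELATED, never NEW. A rule matching "-i tun12 ... state NEW" therefore only sees connections initiated from the provider side, so a zero packet counter on it is expected unless something out there actually connects in.

```shell
#!/bin/sh
# Added example (not the original poster's ruleset). Generates a FORWARD
# chain for an OpenVPN default-gateway router with NAT on the tunnel.
# Assumptions: tunnel interface tun12 (from the question), the ports
# allowed in DOTHIS-IN/DOTHIS-OUT, and the LOG prefix.
set -eu

TUN="${TUN:-tun12}"   # assumed env override; defaults to the question's tun12

# Emit the ruleset in iptables-restore format. Generating text instead of
# calling iptables directly lets the ruleset be reviewed (or tested) on a
# machine without root or a tun12 interface.
gen_rules() {
    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
# NOTE 2 in the question: the tunnel is NAT enabled.
-A POSTROUTING -o $TUN -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
:DOTHIS-IN - [0:0]
:DOTHIS-OUT - [0:0]
# Replies to connections conntrack already tracks are ESTABLISHED or
# RELATED, never NEW. This rule is why an "-i $TUN ... state NEW" rule
# on a NAT router counts (almost) nothing: what comes back down the
# tunnel is return traffic for connections the LAN opened.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate INVALID -j DROP
# Only connections initiated from the tunnel side reach DOTHIS-IN.
-A FORWARD -i $TUN -m conntrack --ctstate NEW -j DOTHIS-IN
# New connections from the LAN into the tunnel go to DOTHIS-OUT.
-A FORWARD -o $TUN -m conntrack --ctstate NEW -j DOTHIS-OUT
# Inbound policy (assumed): accept nothing unsolicited, log what arrives.
-A DOTHIS-IN -m limit --limit 5/min -j LOG --log-prefix "$TUN-in-new: "
-A DOTHIS-IN -j DROP
# Outbound policy (assumed): web and DNS only.
-A DOTHIS-OUT -p tcp -m multiport --dports 80,443 -j ACCEPT
-A DOTHIS-OUT -p udp --dport 53 -j ACCEPT
-A DOTHIS-OUT -j REJECT --reject-with icmp-admin-prohibited
COMMIT
EOF
}

# Number of rules in the FORWARD chain itself (used as a sanity check).
forward_rule_count() {
    gen_rules | grep -c '^-A FORWARD '
}

# Load the ruleset atomically; run as root on the router only.
apply_rules() {
    gen_rules | iptables-restore
}

# After applying, the ESTABLISHED,RELATED counter climbs as replies
# arrive while the "-i tun12 ... NEW" counter stays near zero.
show_counters() {
    iptables -nvL FORWARD
}

case "${1:-}" in
    apply) apply_rules ;;
    show)  show_counters ;;
    *)     gen_rules ;;
esac
```

Usage: run the script with no argument to print the ruleset for review, `apply` to load it with iptables-restore, and `show` to read the counters. If the goal is to filter the reply traffic itself (for example, to block a particular remote address the LAN already talked to), the rule has to sit before the ESTABLISHED,RELATED accept or match without a state qualifier, because by the time those packets arrive they belong to an existing connection.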
You could try filtering based on the VPN's IP addresses instead of the interface.

Have you tried matching traffic coming from the tunnel based on the destination, as a test?