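#!/usr/bin/env bash
# Forwarding rules for a VPN gateway: clients on the tunnel subnet
# (10.8.0.0/24, arriving on tun0) may reach exactly one LAN host (DNS1)
# through the LAN interface (NIC); all other forwarded traffic is dropped.
#
# Required environment:
#   NIC   - name of the LAN-facing interface (e.g. the value used with -o)
#   DNS1  - IPv4 address of the single LAN host VPN clients may reach
# Must run as root. Intended to be executed, not sourced: it sets shell
# options and aborts on the first failing iptables call so that a partially
# applied rule set is never left behind silently.
set -euo pipefail

# Fail early with a clear message instead of letting an empty variable turn
# into a malformed iptables invocation ("-o" with no interface, "-d /32").
: "${NIC:?NIC (LAN interface name) must be set}"
: "${DNS1:?DNS1 (IPv4 address of the reachable LAN host) must be set}"

readonly VPN_NET=10.8.0.0/24
readonly VPN_IF=tun0
readonly DNS1_HOST="${DNS1}/32"

#######################################
# Append an iptables rule only if an identical rule is not already present,
# so re-running this script does not accumulate duplicate rules.
# Arguments: $1 - table (filter, nat, ...)
#            $2 - chain
#            $@ - remaining rule specification, passed through verbatim
# Returns:   exit status of iptables -A when the rule had to be added,
#            0 when it was already there
#######################################
add_rule() {
  local table=$1
  local chain=$2
  shift 2
  # -C reports "rule exists" via exit status; its stderr is noise here.
  if ! iptables -t "$table" -C "$chain" "$@" 2>/dev/null; then
    iptables -t "$table" -A "$chain" "$@"
  fi
}

# Set the default policy first so the box is fail-closed while the
# allow rules below are being installed.
iptables -P FORWARD DROP

# Hide VPN clients behind the LAN interface address, but only for traffic
# to DNS1 -- nothing else from the tunnel is NATed onto the LAN.
add_rule nat POSTROUTING -s "$VPN_NET" -d "$DNS1_HOST" -o "$NIC" -j MASQUERADE

# Allow traffic to route from the VPN subnet to the one permitted LAN host.
add_rule filter FORWARD -i "$VPN_IF" -s "$VPN_NET" -d "$DNS1_HOST" -j ACCEPT

# Allow traffic from that host back to the VPN subnet. Restricted to
# connections the VPN side opened: without the conntrack match this rule
# would also let DNS1 initiate new connections into the tunnel subnet.
add_rule filter FORWARD -o "$VPN_IF" -s "$DNS1_HOST" -d "$VPN_NET" \
  -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

# --- Disabled alternatives kept from the original script; not applied. ---
# Note: "-o 172.25.0.0/24" in the first line is not valid (-o expects an
# interface name), which may be why it was disabled.
#iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o 172.25.0.0/24 -j MASQUERADE
# Allow traffic initiated from VPN to access LAN
#iptables -I FORWARD -i tun0 -o $NIC -s 10.8.0.0/24 -d 172.25.0.0/24 -m conntrack --ctstate NEW -j ACCEPT
# Allow established traffic to pass back and forth
#iptables -I FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
#iptables -A INPUT -i tun0 -j ACCEPT
#iptables -A FORWARD -i $NIC -o tun0 -j ACCEPT
#iptables -A FORWARD -i tun0 -o $NIC -j ACCEPT
#iptables -A INPUT -i $NIC -p $PROTOCOL --dport $PORT -j ACCEPT
#iptables -A FORWARD -i tun0 -o $NIC -s 10.8.0.0/24 -d 172.25.0.0/24 -j ACCEPT
#iptables -A FORWARD -i $NIC -o tun0 -s $DNS1/32 -d 10.8.0.0/24 -j ACCEPT
#iptables -P FORWARD DROP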