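# Forwarding rules for the VPN server: clients on 10.8.0.0/24 (arriving on
# tun0) may reach exactly one LAN host, $DNS1, via $NIC; every other forwarded
# packet is dropped by the chain policy.
#
# Required environment:
#   NIC   - LAN-facing interface the $DNS1 host is reached through
#   DNS1  - IPv4 address of the single LAN host VPN clients may reach
# PROTOCOL and PORT are referenced only by the disabled rules at the bottom.
#
# This snippet appends to the live ruleset; it neither flushes existing
# FORWARD rules (earlier ACCEPTs stay in effect) nor persists anything across
# a reboot.

# Fail loudly instead of installing half-formed rules: an empty DNS1 would
# expand to "-d /32" and an empty NIC to a bare "-o", both rejected by iptables.
: "${NIC:?NIC (LAN-facing interface) must be set}"
: "${DNS1:?DNS1 (LAN host reachable from the VPN) must be set}"

# Default-deny for forwarded traffic; the ACCEPT rules below are the only holes.
iptables -P FORWARD DROP

# Source-NAT VPN client traffic bound for $DNS1 as it leaves through $NIC, so
# the LAN host replies to this server's address and conntrack routes the reply
# back to the originating client.
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -d "$DNS1/32" -o "$NIC" -j MASQUERADE

# VPN subnet -> the one permitted LAN host.
iptables -A FORWARD -i tun0 -s 10.8.0.0/24 -d "$DNS1/32" -j ACCEPT

# Replies from that host back into the VPN subnet. Limited to RELATED/ESTABLISHED
# so the LAN host can answer client requests but cannot open new connections
# toward VPN clients (the previous stateless form of this rule allowed both).
# UDP flows (e.g. DNS) are tracked by conntrack as well, so replies still match.
iptables -A FORWARD -o tun0 -s "$DNS1/32" -d 10.8.0.0/24 \
  -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

# --- Disabled variants kept for reference (broader LAN / full-tunnel access) ---
# Note: "-o" takes an interface name, not a subnet, so the first line below
# would be rejected by iptables as written.
#iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o 172.25.0.0/24 -j MASQUERADE
# Allow traffic initiated from VPN to access LAN
#iptables -I FORWARD -i tun0 -o $NIC -s 10.8.0.0/24 -d 172.25.0.0/24 -m conntrack --ctstate NEW -j ACCEPT
# Allow established traffic to pass back and forth
#iptables -I FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
#iptables -A INPUT -i tun0 -j ACCEPT
#iptables -A FORWARD -i $NIC -o tun0 -j ACCEPT
#iptables -A FORWARD -i tun0 -o $NIC -j ACCEPT
#iptables -A INPUT -i $NIC -p $PROTOCOL --dport $PORT -j ACCEPT
#iptables -A FORWARD -i tun0 -o $NIC -s 10.8.0.0/24 -d 172.25.0.0/24 -j ACCEPT
#iptables -A FORWARD -i $NIC -o tun0 -s $DNS1/32 -d 10.8.0.0/24 -j ACCEPT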