#Set default policy of chain 
iptables -P FORWARD DROP


#iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o 172.25.0.0/24 -j MASQUERADE

# Allow traffic initiated from VPN to access LAN
#iptables -I FORWARD -i tun0 -o $NIC -s 10.8.0.0/24 -d 172.25.0.0/24 -m conntrack --ctstate NEW -j ACCEPT

# Allow established traffic to pass back and forth
#iptables -I FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT


iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -d $DNS1/32 -o $NIC -j MASQUERADE
#iptables -A INPUT -i tun0 -j ACCEPT
#iptables -A FORWARD -i $NIC -o tun0 -j ACCEPT
#iptables -A FORWARD -i tun0 -o $NIC -j ACCEPT
#iptables -A INPUT -i $NIC -p $PROTOCOL --dport $PORT -j ACCEPT


#iptables -A FORWARD -i tun0 -o $NIC -s 10.8.0.0/24 -d 172.25.0.0/24 -j ACCEPT
#iptables -A FORWARD -i $NIC -o tun0 -s $DNS1/32 -d 10.8.0.0/24 -j ACCEPT
#iptables -P FORWARD DROP

#allow traffic to route from VPN subnet to specific host in subnet
iptables -A FORWARD -i tun0 -s 10.8.0.0/24 -d $DNS1/32 -j ACCEPT
#allow traffic from host in server subnet back to VPN subnet
iptables -A FORWARD -o tun0 -s $DNS1/32 -d 10.8.0.0/24 -j ACCEPT