> Arne Schwabe <a...@rfc2549.org> wrote on 08.11.2021 12:36: > > > On 07.11.21 at 18:40, Frank Lichtenheld wrote: > > From: Adrian <adrian.cre...@protonmail.com> > > > > The man page says: > > [!] -s, --source address[/mask][,...] > > > > Signed-off-by: Frank Lichtenheld <fr...@lichtenheld.com> > > --- > > sample/sample-config-files/firewall.sh | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > As part of an initiative to clean up the GitHub PR submissions, submitting > > this patch to the mailing list for inclusion. Looks obviously correct to > > me. > > > > diff --git a/sample/sample-config-files/firewall.sh > > b/sample/sample-config-files/firewall.sh > > index 19d75ee9..456700ca 100755 > > --- a/sample/sample-config-files/firewall.sh > > +++ b/sample/sample-config-files/firewall.sh > > @@ -50,7 +50,7 @@ iptables -A OUTPUT -p tcp --sport 137:139 -o eth0 -j DROP > > iptables -A OUTPUT -p udp --sport 137:139 -o eth0 -j DROP > > > > # Check source address validity on packets going out to internet > > -iptables -A FORWARD -s ! $PRIVATE -i eth1 -j DROP > > +iptables -A FORWARD ! -s $PRIVATE -i eth1 -j DROP > > > > # Allow local loopback > > iptables -A INPUT -s $LOOP -j ACCEPT > > > > > I have a vague idea that this is actually different. Like one is that > condition is not fulfilled and the other is that it is not part of the > subnet if is different when there is different protocol but I might > misremember.
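Review bot: the commit message for the changed FORWARD rule (from "-s ! $PRIVATE" to "! -s $PRIVATE") quotes only the man page synopsis and does not say what goes wrong with the old ordering. It would help to state that iptables rejects the old form with "Bad argument", as the test in the reply on this thread shows, which means the source address validity check on eth1 is not installed when the sample script runs against such an iptables. Since the diffstat covers a single line, it is also worth confirming that no other rule in firewall.sh still places "!" after the option it negates.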
Certainly does not work with my iptables:

    # iptables -A OUTPUT -s ! 10.0.0.0/8 -j ACCEPT
    Bad argument `10.0.0.0/8'
    Try `iptables -h' or 'iptables --help' for more information.
    # iptables -A OUTPUT ! -s 10.0.0.0/8 -j ACCEPT
    #

Regards,
Frank