On Sat, Mar 19, 2016 at 11:52:59PM +0000, Zoltán Szabó wrote:
> After some weeks of testing this config proved that it is working
> great.
>
> Now I would like to restrict some clients from accessing certain
> services on the VPN.
>
> So I am trying it with iptables but even if I add a really simple
> rule just to drop everything coming from one client, it is not
> dropping.
>
> So adding this:
> iptables -A FORWARD -s 10.8.1.0 -j DROP

If you have enabled --client-to-client the kernel routing table &
firewall is bypassed. This is to be expected. Remove
--client-to-client if you need firewalling.

> Do you have any idea how can I make it work? Even I tried to add
> it to INPUT and OUTPUT.

Forwarded packets do not go to INPUT nor OUTPUT chains.
--
  http://rob0.nodns4.us/
  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
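An added example, not part of the original thread: a small audit check that reads an OpenVPN server config and reports whether traffic between clients is routed inside the daemon (invisible to iptables) or passes through the kernel FORWARD chain. The function names, the `tun0` interface name and the client address 10.8.1.6 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): can iptables see inter-client traffic?

# Return 0 if the config on stdin has an active client-to-client directive.
# Lines starting with # or ; are comments; the leading "--" is optional.
c2c_enabled() {
    awk '
        /^[ \t]*[#;]/ { next }            # skip whole-line comments
        { sub(/[ \t]+[#;].*$/, "") }      # drop trailing comments
        $1 == "client-to-client" || $1 == "--client-to-client" { found = 1 }
        END { exit(found ? 0 : 1) }
    '
}

# Print where packets between two VPN clients are handled for config file $1.
interclient_path() {
    if c2c_enabled < "$1"; then
        echo "openvpn-internal"   # routed inside the daemon, bypasses netfilter
    else
        echo "kernel-forward"     # leaves the tun device, traverses FORWARD
    fi
}

# Print (never execute) a FORWARD rule that drops traffic from client $2,
# or warn and return 1 when such a rule could not match.
# tun0 is an assumed interface name.
suggest_rule() {
    case "$(interclient_path "$1")" in
        kernel-forward)
            echo "iptables -A FORWARD -i tun0 -o tun0 -s $2 -j DROP" ;;
        *)
            echo "WARNING: client-to-client is set; FORWARD rules will not match inter-client traffic"
            return 1 ;;
    esac
}

# Constructed sample config, mirroring the situation in the thread.
cfg=$(mktemp)
printf 'dev tun\nserver 10.8.1.0 255.255.255.0\nclient-to-client\n' > "$cfg"
suggest_rule "$cfg" 10.8.1.6 || true
rm -f "$cfg"
```

Rules in INPUT or OUTPUT are not suggested in either case, since forwarded packets only traverse FORWARD.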