‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Monday, 3 May 2021 11:39, lejeczek via Openvpn-users <openvpn-users@lists.sourceforge.net> wrote:

> On 03/05/2021 02:35, Kenneth Porter wrote:
>
> > --On Sunday, May 02, 2021 4:02 PM +0100 lejeczek via
> > Openvpn-users openvpn-users@lists.sourceforge.net wrote:
> >
> > > Not being an expert I expected that, on a Linux box, I
> > > can firewall
> > > 'tun0' of ovpn server.
> > > Using 'firewalld' it put 'tun0' into a dedicated zone and
> > > selected a few
> > > ports for access but it turns out that clients see all
> > > ports as
> > > accessible.
> >
> > "All ports" of what? The OpenVPN server or the LAN/WAN
> > behind it? Until very recently, firewalld had little
> > support for gateways and forwarding, and OpenVPN
> > interfaces are normally routed to other interfaces using
> > the FORWARD table. firewalld mainly deals with the INPUT
> > table. So you might have to add some manual iptables rules
> > to FORWARD to get what you want. You might want to ask on
> > the firewalld list for assistance.
>
> that in the question - tun0. 'tun0' in the zone, tun0's ports.
> Yes I have "client-to-client" but like I said - ... firewall
> 'tun0' of ovpn server.

You *must* remove --client-to-client if you want to use a firewall on the tun device. Otherwise, no packets between clients will be filtered by your firewall.
publickey - tincantech@protonmail.com - 0x09BC3D44.asc
Description: application/pgp-keys
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
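
The check the last reply implies, as an added example that is not part of the original thread: a shell function that reports whether a server config still has an active `client-to-client` directive, in which case traffic between clients is relayed inside the OpenVPN process and never reaches firewall rules on the tun device. The function names, file names and config contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit an OpenVPN server config for
# an active client-to-client directive. All sample data is constructed.

# Return 0 if the config contains an uncommented client-to-client directive.
# OpenVPN config comments start with '#' or ';'; a leading "--" is tolerated.
has_client_to_client() {
    awk '
        { sub(/[#;].*$/, "") }   # drop comments; fields are re-split afterwards
        $1 == "client-to-client" || $1 == "--client-to-client" { found = 1 }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# Print "bypass" when inter-client packets skip the tun device (and with it
# any firewall rules attached to it), "filtered" when they go through the
# kernel and can be matched by rules on tun0.
tun_filter_verdict() {
    if has_client_to_client "$1"; then
        echo "bypass"
    else
        echo "filtered"
    fi
}

# Constructed before/after configs: the second has the directive commented out.
demo() {
    dir=$(mktemp -d)
    printf '%s\n' 'dev tun' 'server 10.8.0.0 255.255.255.0' \
        'client-to-client' > "$dir/before.conf"
    printf '%s\n' 'dev tun' 'server 10.8.0.0 255.255.255.0' \
        ';client-to-client' > "$dir/after.conf"
    for f in "$dir/before.conf" "$dir/after.conf"; do
        echo "$(basename "$f"): $(tun_filter_verdict "$f")"
    done
    rm -rf "$dir"
}

demo
```

A "filtered" verdict only means the packets now reach the kernel; they are still subject to whatever forwarding rules exist for traffic entering and leaving the tun device.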