- sprintf(port, "%d", conn->port);
- setChainRules(OVPNRED, redif, conn->proto, port);
+ if (strcmp(conn->type, "net") == 0) {
+ addRule(OVPNINPUT, redif, conn->proto, conn->port);
+
+ /* Block all communication from the transfer nets. */
+ snprintf(command, STRING_SIZE - 1, "/sbin/iptables -A %s -s %s -j DROP",
+ OVPNBLOCK, conn->transfer_subnet);
+ executeCommand(command);
+
+ local_subnet_address = getLocalSubnetAddress(conn);
+ transfer_subnet_address = calcTransferNetAddress(conn);
+
+ if ((local_subnet_address) && (transfer_subnet_address)) {
+ snprintf(command, STRING_SIZE - 1, "/sbin/iptables -t nat -A %s -s %s -j SNAT --to-source %s",
+ OVPNNAT, transfer_subnet_address, local_subnet_address);
+ executeCommand(command);
+ }
+ }
+
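Review bot: The two iptables commands in the new `net` branch are built from `conn->transfer_subnet`, `transfer_subnet_address` and `local_subnet_address` and passed to `executeCommand()` with no visible check that these values are plain addresses. If that helper hands the string to a shell (its body is not in this hunk), a malformed value in the connection configuration would be interpreted instead of rejected. I would validate each value before formatting, for example with `inet_pton()` on the address part plus a check of the mask or prefix, and skip the connection when validation fails. The `snprintf()` return values are also unchecked, so a truncated rule would still be executed; assuming `command` is `STRING_SIZE` bytes, a guard such as `if (n < 0 || (size_t)n >= STRING_SIZE) { /* skip this rule */ }` covers that, and the `- 1` is unnecessary because `snprintf` already reserves room for the terminator. Whether the strings returned by `getLocalSubnetAddress()` and `calcTransferNetAddress()` need to be freed cannot be told from here, since the enclosing function starts and ends outside the hunk.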