# Block OpenVPN transfer networks
/sbin/iptables -N OVPNBLOCK
- for i in INPUT FORWARD OUTPUT; do
+ for i in INPUT FORWARD; do
/sbin/iptables -A ${i} -j OVPNBLOCK
done
/sbin/iptables -N FORWARDFW
/sbin/iptables -A FORWARD -j FORWARDFW
+ # SNAT rules
+ /sbin/iptables -t nat -N NAT_SOURCE
+ /sbin/iptables -t nat -A POSTROUTING -j NAT_SOURCE
+
# RED chain, used for the red interface
/sbin/iptables -N REDINPUT
/sbin/iptables -A INPUT -j REDINPUT
/sbin/iptables -t nat -N NAT_DESTINATION
/sbin/iptables -t nat -A PREROUTING -j NAT_DESTINATION
- # SNAT rules
- /sbin/iptables -t nat -N NAT_SOURCE
- /sbin/iptables -t nat -A POSTROUTING -j NAT_SOURCE
-
# upnp chain for our upnp daemon
/sbin/iptables -t nat -N UPNPFW
/sbin/iptables -t nat -A PREROUTING -j UPNPFW
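Review bot: Dropping OUTPUT from the loop at the top of the hunk means packets generated by the firewall host itself no longer traverse OVPNBLOCK, and nothing in the new code says this is intended. If local services are still meant to be kept off the OpenVPN transfer networks, OUTPUT needs its own jump; otherwise record the decision above the loop, e.g. `# OUTPUT is deliberately not hooked: OVPNBLOCK filters only inbound and forwarded traffic`. The NAT_SOURCE move looks order-neutral from the visible lines, since only filter-table and PREROUTING rules sit between the old and new positions. While the loop is being touched, `"${i}"` would be the safer quoting for the chain name.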