# Block OpenVPN transfer networks
iptables -N OVPNBLOCK
- for i in INPUT FORWARD; do
- iptables -A ${i} -j OVPNBLOCK
- done
+ iptables -A INPUT -i tun+ -j OVPNBLOCK
+ iptables -A OUTPUT -o tun+ -j OVPNBLOCK
+ iptables -A FORWARD -i tun+ -j OVPNBLOCK
+ iptables -A FORWARD -o tun+ -j OVPNBLOCK
# OpenVPN transfer network translation
iptables -t nat -N OVPNNAT
iptables -t nat -N REDNAT
iptables -t nat -A POSTROUTING -j REDNAT
- iptables_red
-
# Custom prerouting chains (for transparent proxy)
iptables -t nat -N SQUID
iptables -t nat -A PREROUTING -j SQUID
iptables -N POLICYOUT
iptables -A OUTPUT -j POLICYOUT
+ # Initialize firewall policies.
/usr/sbin/firewall-policy
- # read new firewall
- /usr/local/bin/firewallctrl
+ # Install firewall rules for the red interface.
+ iptables_red
}
iptables_red() {
iptables -t nat -A REDNAT -o $IFACE -j MASQUERADE
fi
+
+ # Reload all rules.
+ /usr/local/bin/firewallctrl
}
# See how we were called.