firewall: Make sure that only packets that go through the tunnel are passing OVPNBLOCK.
authorMichael Tremer <michael.tremer@ipfire.org>
Sat, 1 Mar 2014 15:44:05 +0000 (16:44 +0100)
committerMichael Tremer <michael.tremer@ipfire.org>
Sat, 1 Mar 2014 15:44:05 +0000 (16:44 +0100)
src/initscripts/init.d/firewall

index de2a04b..dd67889 100644 (file)
@@ -106,9 +106,10 @@ iptables_init() {
 
        # Block OpenVPN transfer networks
        iptables -N OVPNBLOCK
-       for i in INPUT FORWARD; do
-               iptables -A ${i} -j OVPNBLOCK
-       done
+       iptables -A INPUT   -i tun+ -j OVPNBLOCK
+       iptables -A OUTPUT  -o tun+ -j OVPNBLOCK
+       iptables -A FORWARD -i tun+ -j OVPNBLOCK
+       iptables -A FORWARD -o tun+ -j OVPNBLOCK
 
        # OpenVPN transfer network translation
        iptables -t nat -N OVPNNAT
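Review bot: The comment above the new rules still reads `# Block OpenVPN transfer networks`, which no longer explains why the jumps are now restricted to `-i tun+`/`-o tun+` and why OUTPUT gained a rule; suggest `# Block OpenVPN transfer networks, but only on traffic that enters or leaves a tunnel (tun+) device`. With both a `-i tun+` and a `-o tun+` rule in FORWARD, a packet forwarded from one tunnel to another traverses OVPNBLOCK twice; that is harmless if the chain only drops or returns, but if it logs, such packets would be logged twice, so a short note there would help. The four near-identical lines could also keep the loop style of the removed code, e.g. `for i in "INPUT -i" "OUTPUT -o" "FORWARD -i" "FORWARD -o"; do iptables -A ${i} tun+ -j OVPNBLOCK; done`, though the explicit form is arguably clearer. iptables_init() continues outside the hunk.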