Old 02-11-2010, 10:55 PM
Chris
 
Default Iptables on Client w/OpenVPN

Greetings,

Here's my situation:

I want to deny all incoming on my PC but want to allow my OVPN client
to access a remote OVPN server.

My PC just has the one NIC and goes to a cable modem. Nothing real
fancy.

Any pointers or examples would be greatly appreciated!

TIA

--
Regards,

Chris

"When the people fear their government, there is tyranny; when the
government fears the people, there is liberty."

-- Thomas Jefferson
 
Old 02-12-2010, 01:11 PM
Rashkae
 
Default Iptables on Client w/OpenVPN

Chris wrote:
> Greetings,
>
> Here's my situation:
>
> I want to deny all incoming on my PC but want to allow my OVPN client
> to access a remote OVPN server.
>
> My PC just has the one NIC and goes to a cable modem. Nothing real
> fancy.
>
> Any pointers or examples would be greatly appreciated!
>
> TIA
>

Lots of choice, I present 3.

Firestarter has a great GUI for simple firewall configurations. You
have to install it.

Ubuntu comes with a pre-configured firewall, but is disabled by default.
To use it, sudo gedit /etc/ufw/ufw.conf and set Enable to yes.

And finally: the masochist way (often my favorite)
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -P INPUT DROP

This, of course, assumes that when you say you want to block all
incoming connections, you actually mean to allow connections that your
computer initiates...if you really want to prevent your computer from
receiving any packets from the net whatsoever.....

iptables -A INPUT -p udp --dport ##### -s ipaddress -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -P INPUT DROP

The ##### needs to be set to a port number you configure your ovpn
client to use all the time, and ipaddress is the address of the ovpn server.

Oh, I almost forgot, you'll also want to allow incoming connections from
the ovpn connection, so you'll also need something like:
/sbin/iptables -A INPUT -i tun+ -j ACCEPT

And you'll also probably want to do something about ip6

/sbin/ip6tables -A INPUT -i lo -j ACCEPT
ip6tables -A INPUT -i tun+ -j ACCEPT
/sbin/ip6tables -P INPUT DROP


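The two INPUT policies from the reply above, written as an added example that is not part of the original posts: a POSIX shell script that prints them as iptables-restore input, so the DROP policy and the accept rules load in one commit. The function names, the server address 203.0.113.10 and the port 1194 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: print the two INPUT policies discussed
# above as iptables-restore input instead of running iptables line by line.

valid_port() {   # digits only, 1..65535
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_ipv4() {   # exactly four dot-separated octets, each 0..255
    case "$1" in *[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in ''|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
}

# gen_rules v4|v6 [server_ip client_port]   (hypothetical helper)
#   no server given  -> stateful variant (ESTABLISHED,RELATED), IPv4 only
#   server and port  -> stateless variant: accept only UDP from the VPN server
gen_rules() {
    fam=$1 server=${2:-} lport=${3:-}
    if [ -n "$server" ]; then
        [ "$fam" = v4 ] && valid_ipv4 "$server" && valid_port "$lport" || return 1
    fi
    # Policy and rules are committed together, so there is no moment where
    # the chain is flushed but DROP is not yet in place (or the reverse).
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' \
        ':FORWARD ACCEPT [0:0]' ':OUTPUT ACCEPT [0:0]'   # only INPUT is changed
    printf '%s\n' '-A INPUT -i lo -j ACCEPT' '-A INPUT -i tun+ -j ACCEPT'
    if [ -n "$server" ]; then
        printf '%s\n' "-A INPUT -s $server -p udp --dport $lport -j ACCEPT"
    elif [ "$fam" = v4 ]; then
        printf '%s\n' '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    fi
    echo COMMIT
}

# Constructed sample values: 203.0.113.10 (documentation range), UDP port 1194.
gen_rules v4                      # stateful IPv4 rules
gen_rules v4 203.0.113.10 1194    # stateless IPv4 rules
gen_rules v6                      # IPv6: loopback and tunnel only, as in the post
```

Piping one ruleset to `iptables-restore --test` as root parses it without loading it. A real load replaces the whole filter table, so rules already present there are discarded.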
 
Old 02-13-2010, 07:41 PM
Pavel Lisý
 
Default Iptables on Client w/OpenVPN

Chris wrote on Thu, 11. 02. 2010 at 17:55 -0600:
> Greetings,

I think the default configuration is OK for your case.

check it in file:
/etc/sysconfig/iptables

line:
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

Pavel

> Here's my situation:
>
> I want to deny all incoming on my PC but want to allow my OVPN client
> to access a remote OVPN server.
>
> My PC just has the one NIC and goes to a cable modem. Nothing real
> fancy.
>
> Any pointers or examples would be greatly appreciated!
>
> TIA
>
> --
> Regards,
>
> Chris
>
> "When the people fear their government, there is tyranny; when the
> government fears the people, there is liberty."
>
> -- Thomas Jefferson


 