From feaeadb41a5e28c871a42a038cdea5ab2b90d0f2 Mon Sep 17 00:00:00 2001
From: hwdsl2
Date: Mon, 6 Jun 2016 12:18:22 -0500
Subject: [PATCH] Minor fix for IPTables rules

---
 vpnsetup.sh | 1 +
 vpnsetup_centos.sh | 1 +
 2 files changed, 2 insertions(+)

diff --git a/vpnsetup.sh b/vpnsetup.sh
index 4b5033b..4d12173 100755
--- a/vpnsetup.sh
+++ b/vpnsetup.sh
@@ -378,6 +378,7 @@ iptables -I FORWARD 6 -s 192.168.43.0/24 -o eth+ -j ACCEPT
 # To disallow (DROP) traffic between VPN clients themselves, uncomment these lines:
 # iptables -I FORWARD 2 -i ppp+ -o ppp+ -s 192.168.42.0/24 -d 192.168.42.0/24 -j DROP
 # iptables -I FORWARD 3 -s 192.168.43.0/24 -d 192.168.43.0/24 -j DROP
+iptables -A FORWARD -j DROP
 
 iptables -t nat -I POSTROUTING -s 192.168.43.0/24 -o eth+ -m policy --dir out --pol none -j SNAT --to-source "$PRIVATE_IP"
 iptables -t nat -I POSTROUTING -s 192.168.42.0/24 -o eth+ -j SNAT --to-source "$PRIVATE_IP"
diff --git a/vpnsetup_centos.sh b/vpnsetup_centos.sh
index acd4fcf..f481cb3 100755
--- a/vpnsetup_centos.sh
+++ b/vpnsetup_centos.sh
@@ -382,6 +382,7 @@ iptables -I FORWARD 6 -s 192.168.43.0/24 -o eth+ -j ACCEPT
 # To disallow (DROP) traffic between VPN clients themselves, uncomment these lines:
 # iptables -I FORWARD 2 -i ppp+ -o ppp+ -s 192.168.42.0/24 -d 192.168.42.0/24 -j DROP
 # iptables -I FORWARD 3 -s 192.168.43.0/24 -d 192.168.43.0/24 -j DROP
+iptables -A FORWARD -j DROP
 
 iptables -t nat -I POSTROUTING -s 192.168.43.0/24 -o eth+ -m policy --dir out --pol none -j SNAT --to-source "$PRIVATE_IP"
 iptables -t nat -I POSTROUTING -s 192.168.42.0/24 -o eth+ -j SNAT --to-source "$PRIVATE_IP"
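Review bot: The catch-all `iptables -A FORWARD -j DROP` added in the vpnsetup.sh hunk is appended as an ordinary rule, so any ACCEPT rule that another tool or an admin later appends with `-A FORWARD` lands behind it and never matches, and the line carries no comment saying that it turns the chain into default-deny. The same line is added in the vpnsetup_centos.sh hunk. I would put `# Default-deny: drop forwarded traffic not accepted by the rules above; add new ACCEPT rules with -I, not -A` above it in both files. If the rule setup can run more than once on a host (not visible from these hunks), guarding it as `iptables -C FORWARD -j DROP 2>/dev/null || iptables -A FORWARD -j DROP` avoids stacking duplicate entries. The rule covers IPv4 only; whether IPv6 forwarding is restricted elsewhere in the scripts cannot be seen from here.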