Minor fix for IPTables rules

2025-01-31 04:21:43 +03:00 · 2016-06-06 12:18:22 -05:00 · 2016-06-06 12:18:22 -05:00 · feaeadb41a
commit feaeadb41a
parent 6aaf6240c1
2 changed files with 2 additions and 0 deletions
--- a/vpnsetup.sh
+++ b/vpnsetup.sh
@ -378,6 +378,7 @@ iptables -I FORWARD 6 -s 192.168.43.0/24 -o eth+ -j ACCEPT
 # To disallow (DROP) traffic between VPN clients themselves, uncomment these lines:
 # iptables -I FORWARD 2 -i ppp+ -o ppp+ -s 192.168.42.0/24 -d 192.168.42.0/24 -j DROP
 # iptables -I FORWARD 3 -s 192.168.43.0/24 -d 192.168.43.0/24 -j DROP
+iptables -A FORWARD -j DROP
 iptables -t nat -I POSTROUTING -s 192.168.43.0/24 -o eth+ -m policy --dir out --pol none -j SNAT --to-source "$PRIVATE_IP"
 iptables -t nat -I POSTROUTING -s 192.168.42.0/24 -o eth+ -j SNAT --to-source "$PRIVATE_IP"

--- a/vpnsetup_centos.sh
+++ b/vpnsetup_centos.sh
@ -382,6 +382,7 @@ iptables -I FORWARD 6 -s 192.168.43.0/24 -o eth+ -j ACCEPT
 # To disallow (DROP) traffic between VPN clients themselves, uncomment these lines:
 # iptables -I FORWARD 2 -i ppp+ -o ppp+ -s 192.168.42.0/24 -d 192.168.42.0/24 -j DROP
 # iptables -I FORWARD 3 -s 192.168.43.0/24 -d 192.168.43.0/24 -j DROP
+iptables -A FORWARD -j DROP
 iptables -t nat -I POSTROUTING -s 192.168.43.0/24 -o eth+ -m policy --dir out --pol none -j SNAT --to-source "$PRIVATE_IP"
 iptables -t nat -I POSTROUTING -s 192.168.42.0/24 -o eth+ -j SNAT --to-source "$PRIVATE_IP"