Basically I don't want any packages to leave the computer in case the VPN tunnel disconnects.
I'm pretty rusty on iptables and such, haven't needed it for a year or so now, but this is what I have so far.
Code:
iptables -I OUTPUT -d 46.246.44.130 -p udp -j ACCEPT
iptables -I OUTPUT -s 46.246.44.174 -d 46.246.44.0/24 -j ACCEPT
iptables -I OUTPUT -j DROP
46.246.44.0/24 is the VPN network/CIDR (OpenVPN adds a bunch of new routes, so I wasn't sure).
Code:
0.0.0.0 46.246.44.1 0.0.0.0 UG 0 0 0 tun0
10.0.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2
46.246.44.0 0.0.0.0 255.255.255.0 U 0 0 0 tun0
46.246.44.130 10.0.2.2 255.255.255.255 UGH 0 0 0 eth2
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 tun0
Code:
eth2      Link encap:Ethernet  HWaddr 08:00:27:24:a3:5d
          inet addr:10.0.2.15  Bcast:10.0.2.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:fe24:a35d/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:607109 errors:0 dropped:0 overruns:0 frame:0
          TX packets:269609 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:434745672 (434.7 MB)  TX bytes:45285337 (45.2 MB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:2366 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2366 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:211324 (211.3 KB)  TX bytes:211324 (211.3 KB)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:46.246.44.174  P-t-P:46.246.44.174  Mask:255.255.255.0
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:114 errors:0 dropped:0 overruns:0 frame:0
          TX packets:45497 errors:0 dropped:43485 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:14176 (14.1 KB)  TX bytes:66794248 (66.7 MB)
So far I haven't gotten it to work.
Does anyone know how to do it properly?
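
An added example, not part of the original post: `-I` with no rule number inserts at position 1, so the third command above puts the DROP ahead of both ACCEPT rules. The script models that ordering and prints an appended (`-A`) rule set that matches on the outgoing interface instead; the function names and the `-o` matching are assumptions of this example, and the addresses and interface names are the ones shown in the post.

```shell
#!/bin/sh
# Added example (not from the post). Addresses and interface names are the
# ones shown in the post; the function names are made up for illustration.

# chain_order: read iptables commands on stdin and print the resulting chain,
# top to bottom. "-I" with no rule number inserts at position 1; "-A" appends.
chain_order() {
    chain=""
    while read -r _cmd op _chain rule; do
        case "$op" in
            -I) chain="$rule
$chain" ;;
            -A) chain="$chain$rule
" ;;
        esac
    done
    printf '%s' "$chain"
}

# posted_rules: the three commands exactly as posted.
posted_rules() {
    cat <<'EOF'
iptables -I OUTPUT -d 46.246.44.130 -p udp -j ACCEPT
iptables -I OUTPUT -s 46.246.44.174 -d 46.246.44.0/24 -j ACCEPT
iptables -I OUTPUT -j DROP
EOF
}

# killswitch_rules SERVER_IP PHYS_IF TUN_IF: print (do not run) an appended
# rule set: loopback, the encrypted UDP to the VPN server over the physical
# NIC, anything leaving through the tunnel, then drop the rest.
# IPv4 only: iptables does not filter IPv6, which ip6tables handles.
killswitch_rules() {
    cat <<EOF
iptables -P OUTPUT DROP
iptables -F OUTPUT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A OUTPUT -o $2 -d $1 -p udp -j ACCEPT
iptables -A OUTPUT -o $3 -j ACCEPT
iptables -A OUTPUT -j DROP
EOF
}

echo "Chain built by the posted commands:"
posted_rules | chain_order
echo "Chain built by the appended rule set:"
killswitch_rules 46.246.44.130 eth2 tun0 | chain_order
```

When the tunnel drops, tun0 goes away, no packet matches `-o tun0`, and everything except the UDP to the VPN server falls through to the final DROP.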