I'm trying to set up shorewall to block traffic to one particular IP address that is routed over an openvpn tunnel.
Naively I have the following shorewall rules in place
#Don't allow connection pickup from the net
Invalid(DROP) net all tcp
# Openvpn
ACCEPT net $FW udp 1194
# All out
ACCEPT $FW net all
DROP all net:146.aaa.yyy.xx
#PING
ACCEPT $FW loc icmp
#ACCEPT $FW net icmp
But I can still ftp to 146.aaa.yyy.xx.
This traffic is routed through a second client vpn connection to another server that has a connection to the 146.aaa network, not the inbound openvpn connection shown here.
So I assume the vpn routing for the client connection is happening before this rule gets to it (or is my order wrong with the accept outbound being first)?
Am I on the right track here or barking up the wrong tree?
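Added example, not from the question and not Shorewall's own code: a small Python model of Shorewall's first-match rule processing, run over the rules posted above in their original order and again with the DROP moved ahead of the catch-all outbound ACCEPT. It assumes the tunnel interface that routes 146.aaa.yyy.xx is in the net zone (the question does not say which zone it is in) and does not model zone policies or source addresses.

```python
# Added example (not Shorewall's own code): a minimal first-match evaluator for a
# Shorewall-style rules file, modelling only what the question needs: zones,
# optional zone:address qualifiers, protocol/port, "all", and the Invalid() macro.
# Assumption: the tunnel interface that routes 146.aaa.yyy.xx is in zone "net".
from collections import namedtuple

# state is the conntrack state of the packet: NEW, ESTABLISHED or INVALID
Packet = namedtuple("Packet", "src_zone dst_zone dst_addr proto dport state", defaults=("NEW",))

def _endpoint_matches(spec, zone, addr):
    """Match a SOURCE/DEST column written as 'all', 'zone' or 'zone:address'."""
    if spec == "all":
        return True
    zone_spec, _, addr_spec = spec.partition(":")
    return zone_spec == zone and addr_spec in ("", addr)

def first_match(rules, pkt):
    """ACTION of the first rule matching pkt, or None (the zone policy then decides)."""
    for raw in rules.splitlines():
        cols = raw.split("#", 1)[0].split()
        if not cols:
            continue
        action, src, dst = cols[:3]
        proto = cols[3] if len(cols) > 3 else "all"
        dport = cols[4] if len(cols) > 4 else "-"
        if action.startswith("Invalid(") and pkt.state != "INVALID":
            continue  # Invalid(DROP) only acts on INVALID-state packets
        if not (_endpoint_matches(src, pkt.src_zone, "-")  # source addresses not modelled
                and _endpoint_matches(dst, pkt.dst_zone, pkt.dst_addr)):
            continue
        if proto not in ("all", pkt.proto) or dport not in ("-", str(pkt.dport)):
            continue
        return action
    return None

# The rules from the question, in the order given there (comments omitted) ...
ORIGINAL = """Invalid(DROP) net all tcp
ACCEPT net $FW udp 1194
ACCEPT $FW net all
DROP all net:146.aaa.yyy.xx
"""
# ... and the same rules with the DROP moved ahead of the catch-all outbound ACCEPT.
FIXED = ORIGINAL.replace("ACCEPT $FW net all\nDROP all net:146.aaa.yyy.xx\n",
                         "DROP all net:146.aaa.yyy.xx\nACCEPT $FW net all\n")

# Constructed packet: the firewall host itself opening an FTP control connection.
FTP_SYN = Packet("$FW", "net", "146.aaa.yyy.xx", "tcp", 21)

def verdicts():
    return first_match(ORIGINAL, FTP_SYN), first_match(FIXED, FTP_SYN)
```

With the posted order the outbound FTP packet hits "ACCEPT $FW net all" first and the later DROP is never consulted; if the client-vpn tunnel interface is in a zone other than net, the DROP would not match even when reordered, so checking the interface-to-zone mapping is the other thing to verify.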