I'm running CentOS 7 in a VM (I don't believe this should matter, but for context...)
Inside the VM, I'm running software to establish a tunnel. I can already accept connections from the host okay, but I want to force all outbound traffic over the tunnel.
How can I allow return packets for existing connections, while also ensuring no new connections are established from the box unless over tun0?
I've looked at this question, "iptables blocking all outbound connections", but it appears a bit brute-force... I've been using firewall-cmd, and the output of iptables -L -n -v is verbose.
Conversely, with "Use specific interface for outbound connections (Ubuntu 9.04)", I can't see how to apply it to CentOS.
How can I reliably ensure that all outbound traffic is either established over tun0 or not at all?
This would effectively prevent any outgoing (IPv4) traffic except on tun0.
Be aware that this will prevent any outbound traffic on any interface except tun0, which includes DHCP traffic, established SSH tunnels, and the outbound packets of your established tunnel.
This can similarly be applied to IPv6 using ip6tables.
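The restriction the answer describes, written out as an added example (not the answer's own rule set): return packets of tracked connections and everything leaving via tun0 are accepted, the tunnel's own transport and DHCP on the physical NIC are allowed explicitly so the caveats above do not bite, and all other IPv4 egress is logged and rejected. The interface names, the VPN endpoint 203.0.113.10:1194/udp and the chain name EGRESS are assumptions; set IPT=echo to print the rules instead of applying them.

```shell
#!/bin/sh
# Assumed values (hypothetical): adjust to the real tunnel endpoint and NICs.
VPN_SERVER="${VPN_SERVER:-203.0.113.10}"
VPN_PORT="${VPN_PORT:-1194}"
VPN_PROTO="${VPN_PROTO:-udp}"
ETH="${ETH:-eth0}"
TUN="${TUN:-tun0}"
IPT="${IPT:-iptables}"   # IPT=echo prints the rules instead of loading them

egress_rules() {
    # Keep our rules in a private chain so other OUTPUT rules survive reloads.
    $IPT -N EGRESS 2>/dev/null || $IPT -F EGRESS
    # Replies for connections conntrack already knows (e.g. SSH from the host).
    $IPT -A EGRESS -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -A EGRESS -o lo -j ACCEPT
    # New connections are only allowed to leave through the tunnel.
    $IPT -A EGRESS -o "$TUN" -j ACCEPT
    # The tunnel's own encapsulated packets still leave via the physical NIC;
    # without this rule the tunnel itself can never come up.
    $IPT -A EGRESS -o "$ETH" -p "$VPN_PROTO" -d "$VPN_SERVER" --dport "$VPN_PORT" -j ACCEPT
    # DHCP renewals on the physical NIC.
    $IPT -A EGRESS -o "$ETH" -p udp --dport 67 -j ACCEPT
    # Log (rate limited) and reject the rest so local programs fail fast
    # instead of hanging; note that DNS not reachable via tun0 will fail too.
    $IPT -A EGRESS -m limit --limit 5/min -j LOG --log-prefix "EGRESS-BLOCK: "
    $IPT -A EGRESS -j REJECT --reject-with icmp-admin-prohibited
    # Hook the chain into OUTPUT exactly once.
    $IPT -C OUTPUT -j EGRESS 2>/dev/null || $IPT -I OUTPUT 1 -j EGRESS
}
```

If firewalld is active it will flush these rules on reload; add the equivalents with `firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT ...` or switch to iptables-services instead.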