14

How to activate iptables after connecting to VPN?

view full story
linux-howto

http://serverfault.com – I want to block all non-vpn traffic, for which I have a script with iptables rules that works fine. The problem is that I can only set those rules after being connected to the vpn (if I do it before, I can't connect to the vpn). The connection to the vpn happens when I login, because that's how the network manager works (each user can handle its own connections). So how do I auto-execute a script as root, after I'm logged in and connected to the vpn? I might need this even for non sudoer users (HowTos)

grtyyu's picture
Submitted by grtyyu on 06/22/2012 – Made popular on 06/22/2012

Stories similar to How to activate iptables after connecting to VPN?

Hello ,

I am trying solve a strange problem which ocurred after upgrading many packages including kernel and iptables.

In my iptables script I have been experimenting with writing as finely grained rules as possible. I limit which users are allowed to use which services, partly for security and partly as a learning exercise.

Using iptables v1.4.16.2 on Debian 6.0.6 running the 3.6.2 kernel.

However I've hit an issue I don't quite understand yet.. .

outgoing ports for all users

This works perfectly fine.

I have a script that is several hundred lines long full of iptables rules (I've spent way too much time on this, and had far too much fun testing it) but when I run the script, the rules go in wrong - that is, when I do...

Code: iptables -vnL The order (being that iptables starts at the top of the chain and works its way down) is out of order, but it's ordered properly in the script.

I wrote the following iptables rules. My main intention was to do these things

allow ssh traffic to any machine allow web traffic(http,https, and some ssh) to a select number of websites(effectively a whitelist) allow all traffic to 192.168.0.x (machines in my subnet) allow all traffic with the loopback interface don't mess up the current connections

So i wrote the following set of iptables ru

There is a firewall/gateway machine with eth0 Public and eth1 Private network (192.168.1.0).

I would like to block all OUTPUT connections for private users (eth1) except couple of networks like: 123.123.123.0/24, 91.12.31.0/24 etc.

Hello,Someone here can explain me why iptables is slow to load iptables rules from a script after a reboot?it can take up to 2 minutes to make iptables start loading rules

ejabberd starts slow and fails 35 weeks 4 days ago

I installed ejabberd and tried to set it up. On my server there are strict rules which allow only several services and denies everything else.

I experienced starting problems with my iptables rules and found out that ejabberd works when I allow everything in the iptables and restore my rules afterwards.

I am trying to add iptables rule to allow traffic on ports 465 & 587 to google apps smtp servers. But I got not luck. My WHMCS installation works fine with google apps when I turn off iptables but iptables turn on itself again and email stop working.

I want to allow user to check how many rules are present in filter table, but not able to view actual rules, is that possible?

literally I mean iptables -L | wc -l (I know it's faulty), but sudo doesn't seem to support pipe commands like that, I mean, currently If I wanted to allow that, I need to grant permission to run iptables -L instead of iptables -L | wc -l

Any thoughts?