Untitled

a guest
Dec 10th, 2016
```bash
#!/bin/bash
# VPN server address; replace the placeholder before running
IP=myvpnip

# flush all rules and delete user-defined chains in the filter, nat and mangle tables
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
####
# allow loopback access
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
# make sure you can communicate with any DHCP server
iptables -A OUTPUT -d 255.255.255.255 -j ACCEPT
iptables -A INPUT -s 255.255.255.255 -j ACCEPT
# make sure that you can communicate within your own network
iptables -A INPUT -s 10.8.6.5/24 -d 10.8.6.5/24 -j ACCEPT
iptables -A OUTPUT -s 10.8.6.5/24 -d 10.8.6.5/24 -j ACCEPT
# make sure that enp3s0 and tun0 can communicate
iptables -A FORWARD -i enp3s0 -o tun0 -j ACCEPT
iptables -A FORWARD -i tun0 -o enp3s0 -j ACCEPT
# in the POSTROUTING chain of the nat table, rewrite the source address of
# packets leaving tun0 to that interface's address, so that we don't have to
# worry about ports or any other issue; check this rule with care if you
# already have rules in the nat table
iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
# if the destination of an outgoing packet on enp3s0 is NOT $IP, drop the
# packet, so that nothing leaks if the VPN disconnects
# (iptables filters IPv4 only; IPv6 traffic is not covered by this rule)
iptables -A OUTPUT -o enp3s0 ! -d "$IP" -j DROP
```
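
The final DROP rule only holds if no earlier OUTPUT rule already accepts unrestricted traffic on the physical interface, because iptables stops at the first matching rule. The following check for that property is an added example, not part of the original paste; the function names are hypothetical, `203.0.113.10` stands in for the VPN address, and the sample rule listings are constructed in the format printed by `iptables -S OUTPUT`.

```bash
#!/bin/bash
# Added example: audit `iptables -S OUTPUT` text for the kill switch above.
# Live use (as root): iptables -S OUTPUT | check_killswitch enp3s0 "$IP"

# True if the current $rule contains the given option text as whole tokens.
has() { case " $rule " in *" $1 "*) return 0 ;; esac; return 1; }

# check_killswitch IFACE VPN_IP   (rules on stdin, evaluated in order)
# 0 = kill switch reached before any leak, 1 = leaking ACCEPT, 2 = no kill switch
check_killswitch() {
    iface=$1 vpn_ip=$2
    while IFS= read -r rule; do
        has "-A OUTPUT" || continue
        # Skip rules that cannot match packets leaving $iface.
        if has "! -o $iface"; then continue; fi
        if has "-o" && ! has "! -o" && ! has "-o $iface"; then continue; fi
        # Kill switch: unconditional DROP of everything not going to the VPN IP.
        if has "-j DROP" && has "! -d $vpn_ip/32" && ! has "-p" && ! has "-m"; then
            return 0
        fi
        has "-j ACCEPT" || continue
        # An ACCEPT ahead of the kill switch is a leak unless it pins a
        # destination (simplification: any plain -d counts as pinned).
        if has "! -d" || ! has "-d"; then
            echo "LEAK: $rule"
            return 1
        fi
    done
    return 2
}

# Constructed sample: OUTPUT rules as the script above would load them,
# with 203.0.113.10 standing in for the VPN server address.
SAMPLE_OK='-P OUTPUT ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -d 255.255.255.255/32 -j ACCEPT
-A OUTPUT -s 10.8.6.0/24 -d 10.8.6.0/24 -j ACCEPT
-A OUTPUT ! -d 203.0.113.10/32 -o enp3s0 -j DROP'

# Constructed sample: a DNS exception added ahead of the kill switch.
SAMPLE_LEAK='-P OUTPUT ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT ! -d 203.0.113.10/32 -o enp3s0 -j DROP'

printf '%s\n' "$SAMPLE_OK" | check_killswitch enp3s0 203.0.113.10 && echo "kill switch OK"
```

The check reads only the IPv4 OUTPUT chain; FORWARD traffic and ip6tables rules need their own review.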