*mangle:PREROUTING ACCEPT [1381:181833]:INPUT ACCEPT [1381:181833]:FORWARD AC

1. *mangle
2. :PREROUTING ACCEPT [1381:181833]
3. :INPUT ACCEPT [1381:181833]
4. :FORWARD ACCEPT [0:0]
5. :OUTPUT ACCEPT [670:141877]
6. :POSTROUTING ACCEPT [670:141877]
7. -A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
8. COMMIT
9.  
10. *nat
11. :PREROUTING ACCEPT [41:3498]
12. :INPUT ACCEPT [41:3498]
13. :OUTPUT ACCEPT [1:164]
14. :POSTROUTING ACCEPT [1:164]
15. -A POSTROUTING -s 10.8.0.0/24 -o eno1 -j MASQUERADE
16. COMMIT
17.  
18. *filter
19. :INPUT ACCEPT [0:0]
20. :FORWARD ACCEPT [0:0]
21. :OUTPUT ACCEPT [16:3245]
22. -A INPUT -p tcp -m tcp --dport 2288 -j ACCEPT
23. -A INPUT -s 127.0.0.1/32 -p udp -m udp --dport 111 -j ACCEPT
24. -A INPUT -p udp -m udp --dport 111 -j DROP
25. -A INPUT -i tun0 -j ACCEPT
26. -A INPUT -i lo -j ACCEPT
27. -A INPUT -i tun0 -p tcp -m tcp --dport 1194 -j ACCEPT
28. -A FORWARD -i eth0 -o tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT
29. -A FORWARD -s 10.8.0.0/24 -o eth0 -j ACCEPT
30. -A FORWARD -i tun0 -j ACCEPT
31. -A FORWARD -i eno0 -o tun+ -j ACCEPT
32. -A FORWARD -i tun+ -o eno0 -j ACCEPT
33. COMMIT
34.  
35. port 1194
36. proto udp
37. dev tun
38. ca ca.crt
39. cert server.crt
40. key server.key
41. dh dh2048.pem
42. server 10.8.0.0 255.255.255.0
43. ifconfig-pool-persist ipp.txt
44. push "redirect-gateway def1"
45. push "dhcp-option DNS 8.8.8.8"
46. push "dhcp-option DNS 8.8.4.4"
47. keepalive 10 120
48. cipher AES-256-CBC
49. comp-lzo
50. user nobody
51. group nobody
52. status openvpn-status.log
53. verb 3
54.  
55. client
56. dev tun
57. proto udp
58. remote <server> 1194
59. resolv-retry infinite
60. nobind
61. persist-key
62. persist-tun
63. comp-lzo
64. verb 3
65. ca ca.crt
66. cert client.crt
67. key client.key
68.  
69. 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
70. link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
71. inet 127.0.0.1/8 scope host lo
72. valid_lft forever preferred_lft forever
73. inet6 ::1/128 scope host
74. valid_lft forever preferred_lft forever
75. 2: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
76. link/ether 00:1e:c9:f8:e6:b4 brd ff:ff:ff:ff:ff:ff
77. inet - brd - scope global eno1
78. valid_lft forever preferred_lft forever
79. inet6 2001:f40:0:1::f5:a/126 scope global
80. valid_lft forever preferred_lft forever
81. inet6 fe80::7a50:f43b:ba31:ab6/64 scope link
82. valid_lft forever preferred_lft forever
83. 3: eno2: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN qlen 1000
84. link/ether 00:1e:c9:f8:e6:b5 brd ff:ff:ff:ff:ff:ff
85. 4: enp7s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN qlen 1000
86. link/ether 00:15:17:8f:f3:09 brd ff:ff:ff:ff:ff:ff
87. 6: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN qlen 1000
88. link/ether 52:54:00:a9:e6:9d brd ff:ff:ff:ff:ff:ff
89. inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
90. valid_lft forever preferred_lft forever
91. 7: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN qlen 1000
92. link/ether 52:54:00:a9:e6:9d brd ff:ff:ff:ff:ff:ff
93. 8: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 100
94. link/none
95. inet 10.8.0.1 peer 10.8.0.2/32 scope global tun0
96. valid_lft forever preferred_lft forever