Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- *nat
- :PREROUTING ACCEPT [0:0]
- :INPUT ACCEPT [0:0]
- :OUTPUT ACCEPT [1:76]
- #:POSTROUTING ACCEPT [1:76]
- :PREROUTING ACCEPT [0:0]
- -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
- COMMIT
- #
- # Run that command to get above, 'iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE'
- #
- *filter
- :INPUT DROP [0:0]
- :FORWARD DROP [0:0]
- :OUTPUT ACCEPT [0:0]
- -A INPUT -i lo -j ACCEPT
- #-A OUTPUT -o lo -j ACCEPT
- -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
- -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
- -A INPUT -p udp -m state --state NEW -m udp --dport 1194 -j ACCEPT
- -A INPUT -i tun0 -j ACCEPT
- -A FORWARD -i tun0 -j ACCEPT
- -A FORWARD -i tun0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
- -A FORWARD -i eth0 -o tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT
- -A INPUT -p icmp -j ACCEPT
- -A INPUT -j REJECT --reject-with icmp-host-prohibited
- -A FORWARD -j REJECT --reject-with icmp-host-prohibited
- COMMIT
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
