
iptables, routing tables & firewall rules to block all non-VPN traffic


Dear community,


Hoping someone can help with this....


I am trying to set up a firewall script for my router running Tomato Firmware 1.28.0000 -121 K26ARM USB AIO-64K by SHIBBY on a Netgear R7000 Nighthawk on mostly default settings apart from the VPN Client.


The script is to block all non-VPN traffic even if the connection fails, and I have tried several suggestions made in the forums without success.


Below is the script most people have success with (except me):


# LAN (br0) may only be forwarded into the tunnel, and tunnel traffic back to the LAN
iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT
# Never forward LAN traffic straight out the WAN interface (vlan2), so nothing leaks if the tunnel is down
iptables -I FORWARD -i br0 -o vlan2 -j DROP
# Do not let traffic arriving from the tunnel reach the router itself
iptables -I INPUT -i tun0 -j REJECT
# NAT the LAN addresses behind the tunnel's address
iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE

(from https://airvpn.org/topic/4287-how-to-block-all-traffic-with-dd-wrt-if-vpn-connection-fails/)


I think the problem lies in the assigned interface names. Below is my current routing table while VPN'd:



In short, can someone modify the script to suit my arrangement?

Or let me know what direction I need to take to set this up.... Using the script above lets traffic through even if I stop the VPN client, and my attempts to modify it usually block all traffic.


Any help would be much appreciated,




Replace all instances of tun0 with tun12. The interface for VPN client 2 on most Tomato distributions is TUN12. Client 1 is TUN11. Your routing table looks like you're using TUN12.


I had this problem yesterday. You're using PPPoE as your WAN connection, so vlan2 isn't the WAN interface.

If you add the following after the vlan2 line, then it will work for DHCP or PPPoE and block the traffic if the VPN drops:

iptables -I FORWARD -i br0 -o ppp0 -j DROP

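Both replies come down to the same point: the posted script is correct, but the interface names in it must match the router, and the kill-switch DROP must target whatever the real WAN interface is. The script below is an added example, not code from the original post or from either reply. It reads the names out of a routing table (a constructed `route -n` sample for a PPPoE WAN, br0 LAN and Tomato VPN client 2 on tun12; the addresses and the sample table are assumptions for illustration) and prints the five rules with those names substituted, adding a LAN-to-WAN DROP for both common Tomato WAN names as the second reply suggests. On the router you would run it with `ROUTES="$(route -n)"` and pipe the printed commands into `sh`.

```shell
#!/bin/sh
# Added example (not from the original thread): derive the interface names the
# kill-switch rules need from the routing table, then print the rules with
# those names filled in. The routing-table text below is constructed; on the
# router run with ROUTES="$(route -n)" instead.

# Constructed `route -n` output: PPPoE WAN (ppp0), LAN bridge br0, Tomato VPN
# client 2 (tun12) connected with OpenVPN's two 128.0.0.0 half-default routes.
SAMPLE_ROUTES='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.8.0.1        128.0.0.0       UG    0      0        0 tun12
128.0.0.0       10.8.0.1        128.0.0.0       UG    0      0        0 tun12
203.0.113.1     0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
10.8.0.0        0.0.0.0         255.255.255.0   U     0      0        0 tun12
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 br0
0.0.0.0         203.0.113.1     0.0.0.0         UG    0      0        0 ppp0'

# Real WAN interface: the route with destination 0.0.0.0 AND genmask 0.0.0.0.
# The two 128.0.0.0 halves that OpenVPN adds point at the tunnel, not the WAN.
wan_iface() {
    printf '%s\n' "$1" | awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" { print $8; exit }'
}

# First tunnel interface in the table (tun11 = client 1, tun12 = client 2 on
# Tomato). Prints nothing when the VPN is down.
vpn_iface() {
    printf '%s\n' "$1" | awk '$8 ~ /^tun[0-9]+$/ { print $8; exit }'
}

# Print the posted kill-switch rules for the given LAN, WAN and VPN names.
# A LAN->WAN DROP is emitted for the detected WAN name and for both usual
# Tomato WAN names (vlan2 for DHCP, ppp0 for PPPoE), deduplicated, so the
# block survives a change of WAN type. -I inserts at the head of the chain;
# the DROP and the two ACCEPTs match disjoint interface pairs, so order is
# not significant.
kill_switch_rules() {
    lan=$1; wan=$2; vpn=$3
    if [ -z "$lan" ] || [ -z "$wan" ] || [ -z "$vpn" ]; then
        echo "kill_switch_rules: need LAN, WAN and VPN interface names" >&2
        return 1
    fi
    printf 'iptables -I FORWARD -i %s -o %s -j ACCEPT\n' "$lan" "$vpn"
    printf 'iptables -I FORWARD -i %s -o %s -j ACCEPT\n' "$vpn" "$lan"
    seen=" "
    for w in vlan2 ppp0 "$wan"; do
        case "$seen" in *" $w "*) continue ;; esac
        seen="$seen$w "
        printf 'iptables -I FORWARD -i %s -o %s -j DROP\n' "$lan" "$w"
    done
    printf 'iptables -I INPUT -i %s -j REJECT\n' "$vpn"
    printf 'iptables -t nat -A POSTROUTING -o %s -j MASQUERADE\n' "$vpn"
}

# Stand-alone run: print the rules for the table in ROUTES (the constructed
# sample by default). If the VPN is down when the rules are installed, no tun
# appears in the table; fall back to tun12 (client 2, assumed) because the
# DROP rules must be present regardless of VPN state.
ROUTES=${ROUTES:-$SAMPLE_ROUTES}
WAN=$(wan_iface "$ROUTES")
VPN=$(vpn_iface "$ROUTES")
[ -n "$VPN" ] || VPN=tun12
kill_switch_rules br0 "$WAN" "$VPN"
```

Run it once with the VPN connected and once with it stopped and compare the output: the only lines that should differ are none, because the DROP rules do not depend on the tunnel being up. That is the property the original script was meant to have and the reason it must name the real WAN interface (ppp0 here) rather than vlan2.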
