xiuhtecuhtli Posted ...

Hello, I was using a custom iptables configuration on my linux machine to prevent leaking traffic when there is no VPN connection. It turned out that this was not working as intended. The setup is as follows:

# Generated by iptables-save v1.4.21 on Tue Jul 28 08:41:14 2015
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i tun_VPN -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 192.168.178.0/24 -p icmp -m icmp --icmp-type 8 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -s 192.168.178.0/24 -p tcp -m tcp --dport 2049 -j ACCEPT
-A INPUT -s 192.168.178.0/24 -p tcp -m tcp --dport 58846 -j ACCEPT
-A INPUT -s 192.168.178.0/24 -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -s 192.168.178.0/24 -p udp -m udp --dport 137:139 -j ACCEPT
-A INPUT -s 192.168.178.0/24 -p tcp -m tcp --dport 137:139 -j ACCEPT
-A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -j REJECT --reject-with tcp-reset
-A INPUT -j REJECT --reject-with icmp-proto-unreachable
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o tun_VPN -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -d 192.168.178.0/24 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 443 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
COMMIT
# Completed on Tue Jul 28 08:41:14 2015
# Generated by iptables-save v1.4.21 on Tue Jul 28 08:41:14 2015
*raw
:PREROUTING ACCEPT [401888643:90239100065]
:OUTPUT ACCEPT [435536742:240450539325]
COMMIT
# Completed on Tue Jul 28 08:41:14 2015

If anyone could tell me why this didn't work, I would greatly appreciate it. Thanks.
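Added example, not part of the post above: a small Python audit that parses an iptables-save dump and lists filter-table OUTPUT ACCEPT rules that are not bound to the tunnel interface, loopback, or the LAN range, which is the property a "no VPN, no traffic" ruleset has to hold. The VPN interface name and LAN CIDR are parameters (here taken from the post), and the embedded dump is a constructed copy of the post's OUTPUT rules.

```python
"""Audit an iptables-save dump for OUTPUT ACCEPT rules that are not
tied to the VPN tunnel, loopback or the LAN.  Hypothetical helper."""
import shlex

# Constructed sample: the OUTPUT rules of the post above, filter table only.
SAMPLE = """\
*filter
:OUTPUT DROP [0:0]
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o tun_VPN -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -d 192.168.178.0/24 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 443 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
COMMIT
"""

def parse_rules(dump, chain="OUTPUT", table="filter"):
    """Yield (rule_line, options) for each '-A <chain>' rule in <table>.
    options maps a flag to its argument; a '!'-negated flag is keyed '!-o'."""
    current = None
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith("*"):          # table header, e.g. '*filter'
            current = line[1:]
            continue
        if current != table or not line.startswith(f"-A {chain} "):
            continue
        toks, opts, i = shlex.split(line), {}, 2
        while i < len(toks):
            key = toks[i]
            if key == "!":                # negation applies to the next flag
                key, i = "!" + toks[i + 1], i + 1
            nxt = toks[i + 1] if i + 1 < len(toks) else "-"
            opts[key] = True if nxt.startswith("-") else nxt
            i += 1 if nxt.startswith("-") else 2
        yield line, opts

def unbound_accepts(dump, vpn_if, lan_cidr):
    """Return ACCEPT rules that match on neither -o <vpn_if>/-o lo nor -d <lan>.
    conntrack RELATED,ESTABLISHED rules are skipped: they carry replies to
    connections the INPUT chain already accepted and need separate review."""
    leaks = []
    for line, opts in parse_rules(dump):
        if opts.get("-j") != "ACCEPT" or "--ctstate" in opts:
            continue
        if opts.get("-o") in (vpn_if, "lo") or opts.get("-d") == lan_cidr:
            continue
        leaks.append(line)
    return leaks

if __name__ == "__main__":
    for rule in unbound_accepts(SAMPLE, "tun_VPN", "192.168.178.0/24"):
        print("not bound to tunnel/lo/LAN:", rule)
```

Run against a live box with `iptables-save | python3 audit.py` after replacing SAMPLE with `sys.stdin.read()`; any rule it prints will let that traffic leave on the physical interface whether or not the tunnel is up.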