xiuhtecuhtli

leaky iptables

Hello,

I was using a custom iptables configuration on my Linux machine to prevent leaking traffic when there is no VPN connection. It turned out that this was not working as intended. The setup is as follows:


# Generated by iptables-save v1.4.21 on Tue Jul 28 08:41:14 2015
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i tun_VPN -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 192.168.178.0/24 -p icmp -m icmp --icmp-type 8 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -s 192.168.178.0/24 -p tcp -m tcp --dport 2049 -j ACCEPT
-A INPUT -s 192.168.178.0/24 -p tcp -m tcp --dport 58846 -j ACCEPT
-A INPUT -s 192.168.178.0/24 -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -s 192.168.178.0/24 -p udp -m udp --dport 137:139 -j ACCEPT
-A INPUT -s 192.168.178.0/24 -p tcp -m tcp --dport 137:139 -j ACCEPT
-A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -j REJECT --reject-with tcp-reset
-A INPUT -j REJECT --reject-with icmp-proto-unreachable
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o tun_VPN -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -d 192.168.178.0/24 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 443 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
COMMIT
# Completed on Tue Jul 28 08:41:14 2015
# Generated by iptables-save v1.4.21 on Tue Jul 28 08:41:14 2015
*raw
:PREROUTING ACCEPT [401888643:90239100065]
:OUTPUT ACCEPT [435536742:240450539325]
COMMIT
# Completed on Tue Jul 28 08:41:14 2015
If anyone could tell me why this didn't work, I would greatly appreciate it. Thanks.
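An added example, not part of the original post, that checks the ruleset above for the rules behind the leak. The two OUTPUT rules for UDP 443 and UDP 53 match on destination port alone, with no -o, so they accept the same packets on the physical interface as on tun_VPN; when the tunnel is down, DNS queries and anything on UDP/443 still go out in the clear, and the RELATED,ESTABLISHED rule then passes the rest of those flows. The script audits an iptables-save dump for OUTPUT ACCEPT rules that are neither interface-bound nor limited to the LAN, and prints a replacement OUTPUT chain whose only clear-net path is the VPN handshake itself. The LAN 192.168.178.0/24 and the tun_VPN interface name come from the post; the VPN server address 203.0.113.10, the WAN interface name eth0 and the function names are assumed placeholders.

```shell
#!/bin/sh
# Audit an iptables-save dump for OUTPUT rules that can leak traffic past the
# VPN, then emit a replacement OUTPUT chain that pins the only allowed
# clear-net egress to the VPN server's IP on the physical interface.
# Added example, not code from the original post.

# Constructed input: the filter table from the post above. The INPUT rules
# are omitted because they do not affect egress.
LEAKY_RULESET='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i tun_VPN -j ACCEPT
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o tun_VPN -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -d 192.168.178.0/24 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 443 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
COMMIT'

# audit_output_rules LAN_CIDR   (iptables-save text on stdin)
# Prints every "-A OUTPUT ... -j ACCEPT" rule that is not bound to an
# interface (-o) and not limited to the LAN (-d LAN_CIDR). Such a rule
# matches on the physical interface as readily as on the tunnel, so whatever
# it permits leaves in the clear when tun_VPN is down. The conntrack
# RELATED,ESTABLISHED rule is skipped: it only passes packets of flows that
# some other rule already admitted, so it is a symptom, not the root cause.
audit_output_rules() {
    awk -v lan="$1" '
        /^-A OUTPUT / && / -j ACCEPT/ {
            if ($0 ~ / -o /) next
            if (index($0, " -d " lan " ") > 0) next
            if ($0 ~ /--ctstate/) next
            print
        }'
}

# count_leaky_output_rules LAN_CIDR   (iptables-save text on stdin)
count_leaky_output_rules() {
    audit_output_rules "$1" | wc -l | tr -d ' '
}

# hardened_output_chain LAN_CIDR VPN_SERVER_IP WAN_IF
# Replacement OUTPUT chain: the only clear-net path is UDP/443 to the VPN
# server's own address on the physical interface. The unrestricted DNS rule
# is dropped; resolver queries must travel through tun_VPN like everything
# else. VPN_SERVER_IP and WAN_IF are placeholders to be filled in locally.
hardened_output_chain() {
    lan="$1"; server="$2"; wan="$3"
    cat <<EOF
*filter
:OUTPUT DROP [0:0]
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o tun_VPN -j ACCEPT
-A OUTPUT -d $lan -j ACCEPT
-A OUTPUT -o $wan -d $server -p udp -m udp --dport 443 -j ACCEPT
COMMIT
EOF
}

# Demonstration: flag the leaky rules, then confirm the replacement has none.
# 203.0.113.10 and eth0 are assumed values, not taken from the post.
echo "Leaky OUTPUT rules in the posted ruleset:"
printf '%s\n' "$LEAKY_RULESET" | audit_output_rules 192.168.178.0/24
echo "Leaky OUTPUT rules in the hardened chain:"
hardened_output_chain 192.168.178.0/24 203.0.113.10 eth0 | audit_output_rules 192.168.178.0/24
```

Two caveats when applying the hardened chain. It assumes the VPN client connects to the server by IP address; if the client config names the server by hostname, the bootstrap lookup would be blocked, so either put the IP in the config or add one rule allowing UDP/53 only to a resolver pinned by -d and -o. And the static audit is a complement to, not a replacement for, watching `iptables -nvL OUTPUT` counters and `tcpdump -i eth0` with the tunnel deliberately down.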