Search the Community
Showing results for tags 'lxc'.
Found 1 result
-
Hello, can someone explain how the iptables need to be changed for me in order to get the desired network lock working? $ ifconfig eth0 Link encap:Ethernet HWaddr 00:16:3e:f0:ea:1a inet addr:10.0.3.226 Bcast:10.0.3.255 Mask:255.255.255.0 inet6 addr: fe80::216:3eff:fef0:ea1a/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:14427656 errors:0 dropped:0 overruns:0 frame:0 TX packets:9119526 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:20539458438 (20.5 GB) TX bytes:2946926836 (2.9 GB) lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:65536 Metric:1 RX packets:510367 errors:0 dropped:0 overruns:0 frame:0 TX packets:510367 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:109371859 (109.3 MB) TX bytes:109371859 (109.3 MB) tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 inet addr:10.4.7.67 P-t-P:10.4.7.67 Mask:255.255.0.0 UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1 RX packets:6 errors:0 dropped:0 overruns:0 frame:0 TX packets:5 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:965 (965.0 TX bytes:2086 (2.0 KB) $ route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 10.4.0.1 128.0.0.0 UG 0 0 0 tun0 0.0.0.0 10.0.3.1 0.0.0.0 UG 0 0 0 eth0 10.0.3.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 10.4.0.0 0.0.0.0 255.255.0.0 U 0 0 0 tun0 128.0.0.0 10.4.0.1 128.0.0.0 UG 0 0 0 tun0 178.162.198.103 10.0.3.1 255.255.255.255 UGH 0 0 0 eth0 From https://airvpn.org/faq/software_lock/: # Flush iptables -F iptables -t nat -F iptables -t mangle -F # Flush V6 ip6tables -F ip6tables -t nat -F ip6tables -t mangle -F # Local iptables -A INPUT -i lo -j ACCEPT iptables -A OUTPUT -o lo -j ACCEPT # Local V6 ip6tables -A INPUT -i lo -j ACCEPT ip6tables -A OUTPUT -o lo -j ACCEPT # Make sure you can communicate with any DHCP server iptables -A OUTPUT -d 255.255.255.255 -j ACCEPT iptables -A INPUT -s 255.255.255.255 -j ACCEPT # Make sure that you can communicate within your own network if Private Network option is enabled iptables -A INPUT -s 192.168.0.0/16 -d 192.168.0.0/16 -j ACCEPT iptables -A OUTPUT -s 192.168.0.0/16 -d 192.168.0.0/16 -j ACCEPT iptables -A INPUT -s 10.0.0.0/8 -d 10.0.0.0/8 -j ACCEPT iptables -A OUTPUT -s 10.0.0.0/8 -d 10.0.0.0/8 -j ACCEPT iptables -A INPUT -s 172.16.0.0/12 -d 172.16.0.0/12 -j ACCEPT iptables -A OUTPUT -s 172.16.0.0/12 -d 172.16.0.0/12 -j ACCEPT # Allow incoming pings if Ping option is enabled iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT # Allow established sessions to receive traffic: iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT # Allow TUN iptables -A INPUT -i tun+ -j ACCEPT iptables -A FORWARD -i tun+ -j ACCEPT iptables -A OUTPUT -o tun+ -j ACCEPT # Block All iptables -A OUTPUT -j DROP iptables -A INPUT -j DROP iptables -A FORWARD -j DROP # Block All V6 ip6tables -A OUTPUT -j DROP ip6tables -A INPUT -j DROP ip6tables -A FORWARD -j DROP