Need clarification on Staff's post: "Prevent leaks with Linux & iptables"

[thirdworld 1]

Hi Staff,

I refer to your wonderful post "Prevent leaks with Linux & iptables" (https://airvpn.org/topic/9139-prevent-leaks-with-linux-iptables/) and hope you could answer the following questions:

(1) I do not have NAT table.
Question: Can I drop the following from my iptables?

iptables -t nat -A POSTROUTING -o tun+ -j MASQUERADE

(2) The rules that you provided in your post.
Question: Can I copy and paste them into /etc/iptables/rules.v4  ??

(3) I downloaded the *.ovpn files (by country) using the Config Generator, having chosen the options "Separate keys/certs from .ovpn file" and "Resolved hosts in .ovpn file".
Question: Can ALL the *.ovpn files be copied to /etc/openvpn/ ??

(4) Below is a portion of the rules that I modified based on your post:

-A OUTPUT -o eth+ ! -d xxx.canada.xxx -j DROP # if destination for outgoing packet on eth+ is NOT a.b.c.d, drop the packet, so that nothing leaks if VPN disconnects
-A OUTPUT -o eth+ ! -d xxx.france.xxx -j DROP
-A OUTPUT -o eth+ ! -d xxx.germany.xxx -j DROP
-A OUTPUT -o eth+ ! -d xxx.italy.xxx -j DROP
-A OUTPUT -o eth+ ! -d xxx.luxembourg.xxx -j DROP
-A OUTPUT -o eth+ ! -d xxx.netherlands.xxx -j DROP
-A OUTPUT -o eth+ ! -d xxx.portugal.xxx -j DROP
-A OUTPUT -o eth+ ! -d xxx.romania.xxx -j DROP
-A OUTPUT -o eth+ ! -d xxx.singapore.xxx -j DROP
-A OUTPUT -o eth+ ! -d xxx.spain.xxx -j DROP
-A OUTPUT -o eth+ ! -d xxx.sweden.xxx -j DROP
-A OUTPUT -o eth+ ! -d xxx.switzerland.xxx -j DROP
-A OUTPUT -o eth+ ! -d xxx.united kingdom.xxx -j DROP
-A OUTPUT -o eth+ ! -d xxx.united states.xxx -j DROP

Question: Is the above OK? Or am I only allowed to include one country's specific IP address at any one time? Or is there a neater way to include all the specific IP addresses?

[Guest Chaf]

Please see here:

 

http://bit.ly/19XxiGU