OpenVPN Iptables Rules

Posted on November 3, 2020 at 11:55 am

Here are the “iptables -S” rules for an OpenVPN server:

-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -i tun0 -j ACCEPT
-A INPUT -i ens2 -p udp -m udp --dport 1194 -j ACCEPT
-A FORWARD -i tun0 -o ens2 -j ACCEPT
-A FORWARD -i ens2 -o tun0 -j ACCEPT

You can allow only trusted IP addresses to use OpenVPN (rule order matters, because iptables stops at the first matching rule):

iptables -A INPUT -s 1.2.3.4/32 -i ens2 -p udp -m udp --dport 1194 -j ACCEPT
iptables -A INPUT -i ens2 -p udp -m udp --dport 1194 -j DROP

First add the ACCEPT rules for the allowed addresses, and only then add the DROP rule; an ACCEPT appended after the DROP would never be reached.

Here is an example of final iptables rules:

-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -i tun0 -j ACCEPT
-A INPUT -s 1.2.3.4/32 -i ens2 -p udp -m udp --dport 1194 -j ACCEPT
-A INPUT -i ens2 -p udp -m udp --dport 1194 -j DROP
-A FORWARD -i tun0 -o ens2 -j ACCEPT
-A FORWARD -i ens2 -o tun0 -j ACCEPT

Replace 1.2.3.4 with your own IP address and change port 1194 if your server listens elsewhere.

You may also need to replace ens2 with the name of your Ethernet interface (e.g. eth0).
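The ordering requirement above is easy to get wrong when rules are added by hand over time. The following shell script is an added example, not part of the original post: it generates the allowlist rules in the required order (all ACCEPTs, then the single DROP) and checks an "iptables -S INPUT" dump for ACCEPT rules that sit below the DROP for the VPN port and are therefore dead. The interface name ens2 and port 1194 are taken from the post as defaults; the sample dumps are constructed inline. Note that with "-P INPUT ACCEPT", as in the post, the DROP rule is the only line actually restricting access, so a shadowed ACCEPT silently locks out that client.

```shell
#!/bin/sh
# Added example (not from the original post): build OpenVPN allowlist rules
# in the correct order and detect ACCEPT rules shadowed by an earlier DROP.

VPN_IF="${VPN_IF:-ens2}"       # assumed interface name, as in the post
VPN_PORT="${VPN_PORT:-1194}"   # assumed OpenVPN UDP port, as in the post

# Print the iptables commands for the given source addresses:
# one ACCEPT per address, followed by the catch-all DROP as the last rule.
ovpn_allowlist_rules() {
    for src in "$@"; do
        printf 'iptables -A INPUT -s %s -i %s -p udp -m udp --dport %s -j ACCEPT\n' \
            "$src" "$VPN_IF" "$VPN_PORT"
    done
    printf 'iptables -A INPUT -i %s -p udp -m udp --dport %s -j DROP\n' \
        "$VPN_IF" "$VPN_PORT"
}

# Read "iptables -S INPUT" output on stdin. Exit 1 and name every ACCEPT for
# the VPN port that appears after the DROP for that port (it can never match).
ovpn_check_order() {
    awk -v port="$VPN_PORT" '
        /^-A INPUT/ && $0 ~ ("--dport " port "( |$)") {
            if ($0 ~ /-j DROP/)   { drop_seen = 1; next }
            if ($0 ~ /-j ACCEPT/ && drop_seen) { print "shadowed: " $0; bad = 1 }
        }
        END { exit bad ? 1 : 0 }'
}

# Demo: print the generated rules, then feed them (minus the "iptables "
# prefix, so they look like -S output) back through the order check.
ovpn_allowlist_rules 1.2.3.4/32
ovpn_allowlist_rules 1.2.3.4/32 | sed 's/^iptables //' | ovpn_check_order \
    && echo "rule order ok"
```

On a live server, run "iptables -S INPUT | ovpn_check_order" after any change to the INPUT chain; a non-zero exit means at least one allowed address is being dropped despite its ACCEPT rule.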

Here are the NAT table rules (“iptables -t nat -S”), which masquerade VPN client traffic from the 10.8.0.0/24 tunnel network out through ens2:

-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P POSTROUTING ACCEPT
-P OUTPUT ACCEPT
-A POSTROUTING -s 10.8.0.0/24 -o ens2 -j MASQUERADE

Updated on November 6, 2020 at 7:16 pm
