Updated OpenVPN server: Firewall configuration (using iptables) (markdown)

Matt VerLee 2018-02-01 23:37:56 -07:00
parent 193b4686f8
commit 959b4a3b08

@ -57,9 +57,9 @@ Since you're `:head-desk:`ing with `iptables`, you can also use this opportunity
> Why doesn't Pi-hole just use a certificate to prevent this? The answer is [here](https://discourse.pi-hole.net/t/slow-loading-websites/3408/12).
```
iptables -A INPUT -p udp --dport 80 -j REJECT -- reject-with icmp-port-unreachable
iptables -A INPUT -p udp --dport 80 -j REJECT --reject-with icmp-port-unreachable
iptables -A INPUT -p tcp --dport 443 -j REJECT --reject-with tcp-reset
iptables -A INPUT -p udp --dport 443 -j REJECT -- reject-with icmp-port-unreachable
iptables -A INPUT -p udp --dport 443 -j REJECT --reject-with icmp-port-unreachable
```
Depending on the systems you have connecting, you may benefit from appending `--reject-with tcp-reset` to the command above. If you still get slow load times of HTTPS assets, the above may help.
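Review bot: the trailing sentence of this hunk still tells the reader to append `--reject-with tcp-reset` to "the command above", but the block already carries `--reject-with tcp-reset` on the `tcp --dport 443` rule and `--reject-with icmp-port-unreachable` on both UDP rules, so the advice no longer matches the code, and "the above may help" points back at the same block. Suggest rewording it to say what the rules do: a `tcp-reset` on 443 makes the client abandon the HTTPS handshake immediately instead of retrying, and the ICMP port-unreachable on UDP does the same for QUIC/UDP 443 and UDP 80. The spacing fix itself is correct: with `-- reject-with`, iptables treats `--` as the end of options and fails on `reject-with`, so the two old lines never loaded.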
@ -79,9 +79,9 @@ ip6tables -A INPUT -p tcp --destination-port 1194 -j ACCEPT
ip6tables -A INPUT -p udp --destination-port 1194 -j ACCEPT
ip6tables -I INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
ip6tables -I INPUT -i lo -j ACCEPT
ip6tables -A INPUT -p udp --dport 80 -j REJECT -- reject-with icmp-port-unreachable
ip6tables -A INPUT -p udp --dport 80 -j REJECT --reject-with icmp-port-unreachable
ip6tables -A INPUT -p tcp --dport 443 -j REJECT --reject-with tcp-reset
ip6tables -A INPUT -p udp --dport 443 -j REJECT -- reject-with icmp-port-unreachable
ip6tables -A INPUT -p udp --dport 443 -j REJECT --reject-with icmp-port-unreachable
ip6tables -P INPUT DROP
```
View the rules you just created
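Review bot: the corrected UDP lines `ip6tables -A INPUT -p udp --dport 80 -j REJECT --reject-with icmp-port-unreachable` and the matching `--dport 443` line still fail to load, because `icmp-port-unreachable` is the IPv4 reject type; the ip6tables REJECT target accepts `icmp6-port-unreachable` (alias `port-unreach`), `icmp6-adm-prohibited`, `icmp6-no-route`, `icmp6-addr-unreachable` and `tcp-reset`. Suggest `--reject-with icmp6-port-unreachable` on both UDP rules; `--reject-with tcp-reset` on the TCP 443 rule is valid for ip6tables as well. Worth noting in the text that the `-I` rules for RELATED,ESTABLISHED and `lo` must sit above the REJECT rules (they do here) and that `ip6tables -P INPUT DROP` should remain the last line so nothing is locked out before the ACCEPT rules exist.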