From 959b4a3b08109ef3960aa7461f0fd0b1c65615cf Mon Sep 17 00:00:00 2001
From: Matt VerLee
Date: Thu, 1 Feb 2018 23:37:56 -0700
Subject: [PATCH] Updated OpenVPN server: Firewall configuration (using iptables) (markdown)

---
 ...VPN-server:-Firewall-configuration-(using-iptables).md | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/OpenVPN-server:-Firewall-configuration-(using-iptables).md b/OpenVPN-server:-Firewall-configuration-(using-iptables).md
index d49b11e..ce07278 100644
--- a/OpenVPN-server:-Firewall-configuration-(using-iptables).md
+++ b/OpenVPN-server:-Firewall-configuration-(using-iptables).md
@@ -57,9 +57,9 @@ Since you're `:head-desk:`ing with `iptables`, you can also use this opportunity
 > Why doesn't Pi-hole just use a certificate to prevent this? The answer is [here](https://discourse.pi-hole.net/t/slow-loading-websites/3408/12).
 ```
-iptables -A INPUT -p udp --dport 80 -j REJECT -- reject-with icmp-port-unreachable
+iptables -A INPUT -p udp --dport 80 -j REJECT --reject-with icmp-port-unreachable
 iptables -A INPUT -p tcp --dport 443 -j REJECT --reject-with tcp-reset
-iptables -A INPUT -p udp --dport 443 -j REJECT -- reject-with icmp-port-unreachable
+iptables -A INPUT -p udp --dport 443 -j REJECT --reject-with icmp-port-unreachable
 ```
 Depending on the systems you have connecting, you may benefit from appending `--reject-with tcp-reset` to the command above. If you still get slow load times of HTTPS assets, the above may help.
@@ -79,9 +79,9 @@ ip6tables -A INPUT -p tcp --destination-port 1194 -j ACCEPT
 ip6tables -A INPUT -p udp --destination-port 1194 -j ACCEPT
 ip6tables -I INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
 ip6tables -I INPUT -i lo -j ACCEPT
-ip6tables -A INPUT -p udp --dport 80 -j REJECT -- reject-with icmp-port-unreachable
+ip6tables -A INPUT -p udp --dport 80 -j REJECT --reject-with icmp-port-unreachable
 ip6tables -A INPUT -p tcp --dport 443 -j REJECT --reject-with tcp-reset
-ip6tables -A INPUT -p udp --dport 443 -j REJECT -- reject-with icmp-port-unreachable
+ip6tables -A INPUT -p udp --dport 443 -j REJECT --reject-with icmp-port-unreachable
 ip6tables -P INPUT DROP
 ```
 View the rules you just created
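Review bot: The two added `ip6tables` lines still pass `--reject-with icmp-port-unreachable`, which is an IPv4-only REJECT type; the ip6tables REJECT target takes the `icmp6-*` names (`icmp6-port-unreachable` / `port-unreach`, `icmp6-adm-prohibited`, `tcp-reset`, …), so these commands will be refused with an unknown-reject-type error and the UDP 80/443 rules will never be installed. The commit fixes the `-- reject-with` spacing but carries the wrong type name over unchanged, so the IPv6 snippet is still not copy-paste runnable. Suggested lines: `ip6tables -A INPUT -p udp --dport 80 -j REJECT --reject-with icmp6-port-unreachable` and `ip6tables -A INPUT -p udp --dport 443 -j REJECT --reject-with icmp6-port-unreachable`. Since `ip6tables -P INPUT DROP` follows on the next line, a reader who does not notice the error would end up with those ports silently dropped instead of rejected, which is exactly the slow-timeout behaviour this section is trying to avoid; a one-line note after the block, such as `Note: ip6tables uses the icmp6-* reject types; the icmp-* names above are IPv4-only.`, would make the difference explicit.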