From e94f4af5d4db37506b283116f66a1b7fef80832d Mon Sep 17 00:00:00 2001
From: DL6ER
Date: Sun, 8 Jan 2017 14:42:29 +0100
Subject: [PATCH] Updated Pi hole OpenVPN server (markdown)
---
 Pi-hole---OpenVPN-server.md | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/Pi-hole---OpenVPN-server.md b/Pi-hole---OpenVPN-server.md
index 1000201..9f62a04 100644
--- a/Pi-hole---OpenVPN-server.md
+++ b/Pi-hole---OpenVPN-server.md
@@ -109,12 +109,16 @@ Then you can add an explicit rule that allows access from within the VPN
 ```
 sudo iptables -A INPUT -i tun0 -p tcp --destination-port 53 -j ACCEPT
 sudo iptables -A INPUT -i tun0 -p tcp --destination-port 80 -j ACCEPT
+sudo iptables -A INPUT -i tun0 -p udp --destination-port 53 -j ACCEPT
+sudo iptables -A INPUT -i tun0 -p udp --destination-port 80 -j ACCEPT
 ```
 And another one that prevents access from everywhere else
 ```
 sudo iptables -A INPUT -p tcp --destination-port 53 -j DROP
 sudo iptables -A INPUT -p tcp --destination-port 80 -j DROP
+sudo iptables -A INPUT -p udp --destination-port 53 -j DROP
+sudo iptables -A INPUT -p udp --destination-port 80 -j DROP
 ```
 Your configuration should look like
@@ -125,8 +129,12 @@ num target prot opt source destination
 2 ACCEPT udp -- anywhere anywhere udp dpt:domain
 3 ACCEPT tcp -- anywhere anywhere tcp dpt:domain
 4 ACCEPT tcp -- anywhere anywhere tcp dpt:http
-5 DROP tcp -- anywhere anywhere tcp dpt:domain
-6 DROP tcp -- anywhere anywhere tcp dpt:http
+5 ACCEPT udp -- anywhere anywhere tcp dpt:domain
+6 ACCEPT udp -- anywhere anywhere tcp dpt:http
+7 DROP tcp -- anywhere anywhere tcp dpt:domain
+8 DROP tcp -- anywhere anywhere tcp dpt:http
+9 DROP udp -- anywhere anywhere tcp dpt:domain
+10 DROP udp -- anywhere anywhere tcp dpt:http
 Chain FORWARD (policy ACCEPT)
 num target prot opt source destination
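Review bot: The added `-i tun0 -p udp --destination-port 80 -j ACCEPT` rule in the first code block opens a port that nothing on this page needs, since port 80 is only used here for HTTP over TCP. The ACCEPT block would be tighter with only `sudo iptables -A INPUT -i tun0 -p udp --destination-port 53 -j ACCEPT` added. The matching `udp ... 80 -j DROP` line in the second block is harmless but equally unnecessary. Because every rule is appended with `-A`, the new DROP rules only take effect if no earlier ACCEPT without `-i tun0` matches the same port; a sentence saying so would help readers who already have rules in place.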
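Review bot: Rows 5, 6, 9 and 10 of the sample listing pair protocol `udp` with a `tcp dpt:` match, which is not what iptables prints for a udp rule, so readers comparing their own output will see a mismatch. Row 5 should read `5 ACCEPT udp -- anywhere anywhere udp dpt:domain`, and likewise for the other three. Rule 2 is already an ACCEPT for `udp dpt:domain` ahead of the new DROP at row 9, and the listing has no interface column, so it cannot be told from here whether rule 2 is limited to tun0. If it is not, row 9 never matches and DNS over UDP stays reachable from everywhere. Showing the verbose listing (`iptables -L -v --line-numbers`), which includes the `in` interface column, would let readers verify this.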