Linux - Security
This forum is for all security related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
I am having trouble connecting to my OpenVPN server from my desktop. I am not proficient in iptables at all, but I have managed to set up a simple iptables ruleset. The default policy is DROP and the rules included are:
# Inbound on the WAN interface (enp2s0): HTTP/HTTPS in both directions, ping replies, loopback, DNS replies
sudo iptables -A INPUT -i enp2s0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
sudo iptables -A INPUT -i enp2s0 -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
sudo iptables -A INPUT -i enp2s0 -p tcp --sport 443 -m state --state ESTABLISHED -j ACCEPT
sudo iptables -A INPUT -i enp2s0 -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT
sudo iptables -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
sudo iptables -A INPUT -i lo -j ACCEPT
sudo iptables -A INPUT -p udp -i enp2s0 --sport 53 -j ACCEPT
sudo iptables -A INPUT -p udp -i enp2s0 --sport 53 -j ACCEPT   # identical to the previous rule; a duplicate has no extra effect
# Outbound on the WAN interface: the mirror image of the above, plus ping requests, loopback, DNS queries
sudo iptables -A OUTPUT -o enp2s0 -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT
sudo iptables -A OUTPUT -o enp2s0 -p tcp --sport 443 -m state --state ESTABLISHED -j ACCEPT
sudo iptables -A OUTPUT -o enp2s0 -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
sudo iptables -A OUTPUT -o enp2s0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
sudo iptables -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT
sudo iptables -A OUTPUT -o lo -j ACCEPT
sudo iptables -A OUTPUT -p udp -o enp2s0 --dport 53 -j ACCEPT
sudo iptables -A OUTPUT -p udp -o enp2s0 --dport 53 -j ACCEPT   # identical to the previous rule; a duplicate has no extra effect
Can someone please help me get my OpenVPN connection through my firewall?
It seems I have not explained myself very well in my opening post, so let's try it again. I am trying to connect from my desktop (client) to a VPN provider (ProtonVPN). The rules listed above are my iptables rules. Because my default policy is DROP, I cannot connect to my VPN provider. I am looking for a set of rules that lets my computer connect to my VPN provider. As of now iptables blocks this (as I have not yet added rules to allow it). But as I stated above, I am not very proficient in iptables, so I am looking for some help. I have looked extensively but I cannot find it. So can someone help me put a set of rules together that will allow my firewall to connect to my VPN provider?
I am currently using Debian as my default distro. I got the rules from the internet and from a course I am taking on cybersecurity. It introduced me to iptables, but I am not really proficient in it yet.
Fair enough. IMHO, the rules seem very inefficient. Generally, I would just allow all established connections. Simple and efficient. I also don't understand a default drop policy on output for normal computers. Generally, you trust yourself.
But I am not a security expert... I no longer even play one in real life.
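Putting the question and the reply together, here is an added example (not posted in this thread) of the extra rules an OpenVPN client needs behind these default-DROP policies, using the single "allow everything established" rule suggested above instead of one --sport rule per service. enp2s0 is the interface from the post; the tunnel interface tun0 and the server endpoint UDP 1194 are assumptions and should be replaced with the values from the provider's .ovpn file.

```shell
#!/bin/sh
# Added example, not from the thread. Minimal additions for an OpenVPN *client*
# behind default-DROP INPUT/OUTPUT policies. enp2s0 comes from the post; the
# tunnel interface (tun0) and the server port/protocol (UDP 1194) are assumptions:
# take the real values from the "remote" and "proto" lines of the provider's .ovpn.
WAN_IF=${WAN_IF:-enp2s0}
TUN_IF=${TUN_IF:-tun0}
VPN_PROTO=${VPN_PROTO:-udp}
VPN_PORT=${VPN_PORT:-1194}

# Emit the rules as text so they can be reviewed before anything is applied.
vpn_client_rules() {
    # One rule lets every reply to a connection this host started back in;
    # RELATED also admits ICMP errors. This replaces the per-service --sport rules.
    printf 'iptables -A INPUT -i %s -m state --state ESTABLISHED,RELATED -j ACCEPT\n' "$WAN_IF"
    # The OpenVPN session itself: a new outbound connection to the server port.
    # conntrack tracks UDP too, so the server's replies match ESTABLISHED above.
    printf 'iptables -A OUTPUT -o %s -p %s --dport %s -m state --state NEW,ESTABLISHED -j ACCEPT\n' \
        "$WAN_IF" "$VPN_PROTO" "$VPN_PORT"
    # Once the tunnel is up, browsing and DNS leave via tun0, not enp2s0, so the
    # default-DROP policies need rules for the tunnel interface as well.
    printf 'iptables -A OUTPUT -o %s -j ACCEPT\n' "$TUN_IF"
    printf 'iptables -A INPUT -i %s -m state --state ESTABLISHED,RELATED -j ACCEPT\n' "$TUN_IF"
}

# Number of rules emitted; a quick sanity check for scripts that source this file.
rule_count() { vpn_client_rules | wc -l | tr -d ' '; }

# Dry run by default (prints the commands); "--apply" runs them as root.
case "${1:-}" in
    --apply) vpn_client_rules | while IFS= read -r cmd; do sudo sh -c "$cmd"; done ;;
    *) vpn_client_rules ;;
esac
```

Run it without arguments first and compare the printed rules with `sudo iptables -S` before using --apply; once the ESTABLISHED,RELATED rule is in place, the existing per-port --sport ESTABLISHED rules in the INPUT chain are redundant.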