Force VPN Traffic On TUN Adapter

July 5, 2017 / Yair Krauze / Leave a comment

When using a local VPN server, it is advisable to segregate internal and external network traffic over the different interfaces. Configure internal traffic over eth0 and external traffic over tun0.

Continue reading →

Make IPTables Rules Permanent

June 28, 2017 / Yair Krauze / Leave a comment

To make iptables rules permanent, we need to save them to a configuration files and ensure they are restored on each boot. The following assumes that the current rules enabled are those to be made permanent. Save current rules to config file

sudo sh -c "iptables-save > /etc/iptables.conf"

1	sudo sh -c "iptables-save > /etc/iptables.conf"

Edit /etc/rc.local as root and add the following

# Load iptables rules from config file
iptables-restore < /etc/iptables.conf

1 2	# Load iptables rules from config file iptables-restore < /etc/iptables.conf

Continue reading →

Use IPSet to Block Multiple IPs

May 6, 2017 / Yair Krauze / Leave a comment

Instead of adding individual IP addresses that need to be blocked to IPTables, it is easier to maintain a a single blacklist using IPSet and reference it in IPTables. Install IPSet

sudo apt-get install ipset

1	sudo apt-get install ipset

Create the blacklist list

sudo ipset create blacklist hash:ip hashsize 4096

1	sudo ipset create blacklist hash:ip hashsize 4096

Tell IPTables to reference the newly created list

sudo iptables -I INPUT -m set --match-set blacklist src -j DROP
sudo iptables -I FORWARD -m set --match-set blacklist src -j DROP

1 2	sudo iptables -I INPUT -m set --match-set blacklist src -j DROP sudo iptables -I FORWARD -m set --match-set blacklist src -j DROP

Add an IP to the list to test

sudo ipset add blacklist 192.168.10.10

1	sudo ipset add blacklist 192.168.10.10

…

Continue reading →

RandomDevStuff

Tag: iptables

Force VPN Traffic On TUN Adapter

Make IPTables Rules Permanent

Use IPSet to Block Multiple IPs