Sunday, January 17, 2021

iptables: only allow data over VPN

Hello,

I am having some issues setting up iptables. I'd like to block everything except data from the existing VPN connection. The VPN connection is established using WireGuard; this is the config file:

    [Interface]
    PrivateKey = xxx
    Address = 10.71.77.179/32,fc00:bbbb:bbbb:bb01::8:4db2/128
    DNS = 193.138.218.74

    [Peer]
    PublicKey = xxx
    AllowedIPs = 0.0.0.0/0,::0/0
    Endpoint = 193.27.14.114:51820

The VPN connection is working; curl ifconfig.me returns 193.27.14.118.

    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
        link/ether dc:a6:32:19:09:73 brd ff:ff:ff:ff:ff:ff
    4: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
        link/none

Now I want to use iptables to block everything that's not using the VPN connection. I tried these rules:

    iptables -A INPUT -i lo -j ACCEPT
    iptables -A OUTPUT -o lo -j ACCEPT
    iptables -A INPUT -s 192.168.178.0/24 -j ACCEPT
    iptables -A OUTPUT -d 192.168.178.0/24 -j ACCEPT
    iptables -A INPUT -s 193.27.14.114 -p tcp --sport 51820 -j ACCEPT
    iptables -A OUTPUT -d 193.27.14.114 -p tcp --dport 51820 -j ACCEPT
    iptables -A OUTPUT -j DROP
    iptables -A INPUT -j DROP
    iptables -A FORWARD -j DROP

If I do not filter for the specific IP and port, only allowing TCP, the connection still works, so I guess the WireGuard connection should be using TCP. I also tried filtering only for the IP and only for the port, but this also doesn't work.

What am I doing wrong?
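As an added example (this is not code from the original post), here is a rule set that does what the question asks. It assumes the values visible in the post: uplink eth0, LAN 192.168.178.0/24, tunnel interface wg0, endpoint 193.27.14.114:51820; all of them can be overridden through environment variables. The detail the posted rules miss is that WireGuard's transport is UDP only, so the endpoint rule has to use -p udp (a --sport/--dport match only works together with the matching -p), and every other packet must leave through wg0. IPv6 gets the same treatment because the config assigns a v6 address and routes ::/0 through the tunnel, so an IPv4-only filter would still let v6 traffic leak past it.

```shell
#!/bin/sh
# Added example (not from the original post): a WireGuard "kill switch" for
# iptables/ip6tables. Assumed values (taken from the post, override via env):
# uplink eth0, LAN 192.168.178.0/24, tunnel wg0, endpoint 193.27.14.114:51820.
WAN_IF="${WAN_IF:-eth0}"
WG_IF="${WG_IF:-wg0}"
LAN_NET="${LAN_NET:-192.168.178.0/24}"
WG_ENDPOINT="${WG_ENDPOINT:-193.27.14.114}"
WG_PORT="${WG_PORT:-51820}"

# Emit the IPv4 rule set, one iptables command per line, without running it.
# WireGuard is UDP-only: the only thing allowed out of the uplink besides the
# LAN is UDP to the endpoint port. Everything else (curl, DNS to the tunnel
# resolver, ...) has to leave via wg0 or it is dropped by the policy.
ipv4_rules() {
    cat <<EOF
iptables -F
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A INPUT -i $WAN_IF -s $LAN_NET -j ACCEPT
iptables -A OUTPUT -o $WAN_IF -d $LAN_NET -j ACCEPT
iptables -A OUTPUT -o $WAN_IF -p udp -d $WG_ENDPOINT --dport $WG_PORT -j ACCEPT
iptables -A INPUT -i $WAN_IF -p udp -s $WG_ENDPOINT --sport $WG_PORT -j ACCEPT
iptables -A OUTPUT -o $WG_IF -j ACCEPT
iptables -A INPUT -i $WG_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
EOF
}

# IPv6: the config hands out a v6 address and routes ::/0 over the tunnel, so
# v6 must be locked down as well. The endpoint is v4-only, so no v6 traffic is
# permitted on the uplink at all; only loopback and the tunnel are open.
ipv6_rules() {
    cat <<EOF
ip6tables -F
ip6tables -A INPUT -i lo -j ACCEPT
ip6tables -A OUTPUT -o lo -j ACCEPT
ip6tables -A OUTPUT -o $WG_IF -j ACCEPT
ip6tables -A INPUT -i $WG_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
ip6tables -P INPUT DROP
ip6tables -P FORWARD DROP
ip6tables -P OUTPUT DROP
EOF
}

# Execute both rule sets (needs root); sh -e stops at the first failing command.
apply_rules() {
    ipv4_rules | sh -e
    ipv6_rules | sh -e
}

case "${1:-show}" in
    apply) apply_rules ;;
    show)  ipv4_rules; ipv6_rules ;;
    *)     echo "usage: $0 [show|apply]" >&2; exit 2 ;;
esac
```

Run it with `show` to print the rules and, as root, with `apply` to install them. To check the result, bring the tunnel down with `wg-quick down wg0`: `curl ifconfig.me` should then time out rather than return the real address. Two design points: `iptables -F` only flushes the filter table, so the raw/mangle rules that wg-quick installs for its fwmark routing are left intact; and INPUT on wg0 is deliberately limited to established flows so that hosts on the VPN provider's side of the tunnel cannot reach listening ports on the machine.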


