On Thu, 2005-08-04 at 08:24 -0400, Yaoning Tao wrote:
> In my case, I want to set the iptables policy to block everything and only
> open UDP 1194 when the system starts. If some remote users connect
> with OpenVPN, the server could generate the firewall rules according to the
> user's IP address. The server will delete these rules when the user disconnects
> from the server. So I only open my server to receive traffic when a trusted user
> connects to the server.
>
> Is it possible to implement this goal?

Absolutely. On a "learn-address add", add an ALLOW rule; on a "learn-address delete", delete the rule; on a "learn-address update", update it to use the new IP. The man page should provide more than adequate documentation on this process.

One thing in addition: When OpenVPN is started or stopped, I would recommend flushing the iptables rules and restoring their initial state as a safeguard.

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
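
The add/update/delete handling and the start/stop flush described in the reply above, sketched as a learn-address hook. This is an added example, not part of the original message and not OpenVPN project code. Assumptions: a dedicated chain named VPN_CLIENTS that the base ruleset jumps to, rules matched on the address OpenVPN passes as the script's second argument (IPv4 only), and a hypothetical `reset` argument for the start/stop flush.

```sh
#!/bin/sh
# Added example: learn-address hook keeping one ACCEPT rule per learned address.
# Assumed (not from the post): chain VPN_CLIENTS exists and the base ruleset
# (default DROP, UDP 1194 open) jumps to it; this script runs as root.
IPTABLES=${IPTABLES:-iptables}
CHAIN=${CHAIN:-VPN_CLIENTS}          # hypothetical chain name

# Accept only a dotted-quad IPv4 address before it reaches the iptables command line.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# $1 = add | update | delete, $2 = address, $3 = common name (absent on delete)
learn_address() {
    op=$1 addr=$2
    valid_ipv4 "$addr" || { echo "learn-address: rejected address" >&2; return 1; }
    case "$op" in
        add|update)
            # Drop any stale copy first so repeated calls never stack duplicates.
            $IPTABLES -D "$CHAIN" -s "$addr" -j ACCEPT 2>/dev/null || true
            $IPTABLES -A "$CHAIN" -s "$addr" -j ACCEPT
            ;;
        delete)
            $IPTABLES -D "$CHAIN" -s "$addr" -j ACCEPT
            ;;
        *)
            echo "learn-address: unknown operation" >&2; return 1
            ;;
    esac
}

# Safeguard from the reply: clear all per-client rules when OpenVPN starts or stops.
reset_rules() { $IPTABLES -F "$CHAIN"; }

case "${1:-}" in
    "")    ;;                         # no arguments: define functions only
    reset) reset_rules ;;
    *)     learn_address "$@" ;;
esac
```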