On Jan 4, 2008 6:06 AM, Jan Just Keijser <janjust@xxxxxxxxx> wrote:
> Hi Marco,
>
> please explain:
>
> "with Client-to-client deactivated all clients can only see the server"
>
> that's exactly what it is supposed to do... this means all
> client-to-client traffic IS blocked. Isn't that what you wanted?
> I agree, filtering client-to-client traffic is not possible (either in
> tun or tap mode) but blocking is definitely possible. Note that blocking
> client-to-client traffic will and should also imply that all
> broadcast/multicast traffic is blocked. That's the way it is supposed to
> work ;-)

This should be possible. What you need is not iptables, but ebtables!
Iptables, as the name suggests, will allow you to filter only IP packets :).
Ebtables, on the other hand, is built for bridging. I suggest you set
client-to-client off, and use shorewall/ebtables to set up the filtering on
the appropriate interface(s).

http://ebtables.sourceforge.net/

Prasanna

______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users