I have a VPN, and my server frequently sends data to a private IP address that routes over the VPN. When the OpenVPN connection gets established or dies, it enables/disables the routes.
I want to null-route that private IP range from going out over the main Internet interface (eth0). Is there an easy way to do that without interfering with the route commands coming from the VPN software?
Iptables won't do it. I tried
iptables -A OUTPUT -i eth0 -p tcp -d 192.168.0.0/16 -j REJECT
But iptables does not work when specifying an interface in the output chain.
Anyone know if there is a way to add a dummy route onto a specific interface (eth0) only, without interfering with other interfaces that may be using that route?
PS: I am aware 192.168.0.0/16 is not Internet-routable, but for security reasons I want to ensure that no data gets out in the rare chance that another local server or network device starts listening on the private subnet.
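Added example, not part of the original question and not the asker's own script: a POSIX shell script showing the two usual ways to keep 192.168.0.0/16 from leaving via eth0 without touching the routes OpenVPN manages. The interface name eth0 and the range come from the question; the VPN interface name tun0, the metric value 1000 and the APPLY dry-run switch are assumptions made for the example. The netfilter rule uses -o because the OUTPUT chain runs after the routing decision and only knows the outgoing interface; -i is accepted only in INPUT, FORWARD and PREROUTING. It also drops -p tcp so UDP and ICMP to the range are covered too.

```shell
#!/bin/sh
# Added example, not from the original post. Two ways to stop 192.168.0.0/16
# from leaving via eth0 while leaving the VPN's own routes alone.
# Assumptions (not from the question): the VPN interface is tun0, OpenVPN adds
# its routes with its default metric (0), and commands are executed only when
# APPLY=1; otherwise they are printed so the script can be dry-run.

WAN_IF="${WAN_IF:-eth0}"                    # the Internet-facing interface
PRIV_NET="${PRIV_NET:-192.168.0.0/16}"      # range that must never leave via eth0
FALLBACK_METRIC="${FALLBACK_METRIC:-1000}"  # must be higher than the VPN route's metric

# Run a command, or print it verbatim when APPLY is not 1 (dry run).
run() {
    if [ "${APPLY:-0}" = "1" ]; then
        "$@"
    else
        printf '%s\n' "$*"
    fi
}

# Option 1: a netfilter rule keyed on the OUTGOING interface.
# The OUTPUT chain sees locally generated packets after the routing decision,
# so it knows the output interface (-o) but has no input interface; -i is only
# valid in INPUT, FORWARD and PREROUTING, which is why the rule in the question
# is refused. Matching on -o eth0 leaves the same destinations reachable via
# tun0, so it never interferes with the routes OpenVPN adds or removes.
# No -p tcp: UDP and ICMP to the range must not leak either.
nf_block_private_on_wan() {
    run iptables -A OUTPUT -o "$WAN_IF" -d "$PRIV_NET" \
        -j REJECT --reject-with icmp-net-unreachable
}

# Option 2: a low-priority "unreachable" route for the whole range.
# While the VPN is up, its route (same prefix with a lower metric, or a more
# specific prefix) wins. When OpenVPN withdraws it, lookups for the range fall
# through to this route instead of the default route via eth0, and the send
# fails with ENETUNREACH. Caveat: a VPN route with the same prefix AND the same
# metric would clash, so keep FALLBACK_METRIC above whatever OpenVPN uses.
route_fallback_unreachable() {
    run ip route add unreachable "$PRIV_NET" metric "$FALLBACK_METRIC"
}

# Check which interface a given address would currently be sent through.
show_path() {
    run ip route get "$1"
}

nf_block_private_on_wan
route_fallback_unreachable
show_path 192.168.1.10   # with APPLY=1 this should name tun0 while the VPN is up
```

Run it once without APPLY to review the commands, then with APPLY=1 as root. Option 1 is the one that answers the question as asked (a block tied to eth0 only); option 2 is a belt-and-braces fallback that only takes effect when no VPN route for the range exists, and it is worth checking with ip route get after the VPN goes down that the range really resolves to the unreachable route rather than to the default route.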