1

I want to block access to certain websites/IPs for all clients connected to VPN (pptpd or OpenVPN).

This rule:

iptables -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -d IP_address -j REJECT

is working only locally. The server (ping test) can't access the blocked IP, but clients via VPN can.
How can I block all traffic to a specified IP for VPN clients?

Jakub Wolski

1 Answer

4

The OUTPUT chain only applies to locally generated packets. For packets that are routed via the system, one needs to use the FORWARD chain.

So, you need to use this command:

iptables -A FORWARD -m state --state NEW,ESTABLISHED,RELATED -d IP_address -j REJECT

Tero Kilkanen
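An added example, not part of the original answer, that applies the FORWARD-chain fix only to traffic arriving from VPN clients and guards against two ways the rule can silently fail to match. The chain name VPN_BLOCK, the interface patterns ppp+ (pptpd) and tun+ (OpenVPN), and the sample addresses are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the answer). Assumed names: chain VPN_BLOCK, VPN
# interfaces ppp+ (pptpd) and tun+ (OpenVPN); addresses below are constructed.
# DRY_RUN=1 (default) prints the commands; DRY_RUN=0 as root applies them.
DRY_RUN=${DRY_RUN:-1}
CHAIN=VPN_BLOCK
VPN_IFACES="ppp+ tun+"

ipt() {
    if [ "$DRY_RUN" = 1 ]; then echo "iptables $*"; else iptables "$@"; fi
}

# True if the rule is already present (-C); a dry run assumes it is not.
rule_exists() {
    [ "$DRY_RUN" = 1 ] && return 1
    iptables -C "$@" 2>/dev/null
}

# Syntactic check for an IPv4 address or CIDR block. iptables resolves a
# hostname once, when the rule is added, so a site name would go stale silently.
is_ipv4() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$'
}

block_for_vpn() {
    for dst in "$@"; do
        is_ipv4 "$dst" || { echo "not an IPv4 address: $dst" >&2; return 2; }
    done
    # Dedicated chain: create it, or flush it when it already exists.
    if [ "$DRY_RUN" = 1 ]; then ipt -N "$CHAIN"
    else iptables -N "$CHAIN" 2>/dev/null || iptables -F "$CHAIN"; fi
    for dst in "$@"; do
        ipt -A "$CHAIN" -d "$dst" -j REJECT
    done
    # -I FORWARD 1, not -A: an ACCEPT rule earlier in FORWARD (commonly
    # "ESTABLISHED,RELATED -j ACCEPT") would otherwise match first.
    for ifc in $VPN_IFACES; do
        rule_exists FORWARD -i "$ifc" -j "$CHAIN" ||
            ipt -I FORWARD 1 -i "$ifc" -j "$CHAIN"
    done
}

# Constructed sample run (documentation-range addresses); prints the commands.
block_for_vpn 203.0.113.10 198.51.100.0/24
```

After applying with DRY_RUN=0, `iptables -L FORWARD -n -v --line-numbers` shows whether the jump to the chain sits above any ACCEPT rule and whether its packet counters increase when a VPN client tries a blocked address.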