More specifically, I push the route for 5 websites to the clients via the server config. However, I would like to block the CLIENTS' access to one of these websites on an ad-hoc basis. In order to achieve this, I understand that I have to edit the SERVER's iptables (directly or via ufw).
Unfortunately, I cannot manage to find the right way to do it! The most promising rule I found is:
-A FORWARD -m state --state NEW,ESTABLISHED,RELATED -d X.X.X.X -j REJECT
But that does not work. Maybe I am not putting the rule in the appropriate segment of ufw's before rules.
Also, various rules of the OUTPUT chain seem worthless.
All other efforts (editing hosts, adding different rules in ufw, etc.) result in the server not being able to access the website, but with the clients unaffected by the rule!
To my surprise, I cannot find a suggestion that works, although I thought that website access control on a VPN would be a trivial issue.