
Forwarding

  • /etc/sysctl.conf
# Let the kernel route packets between interfaces (tun+ <-> eth0 below).
# Applied at boot; load immediately with `sysctl -p`.
net.ipv4.ip_forward=1

iptables

# Permit routing between the VPN tunnel interfaces (tun+) and the uplink (eth0).
# `-I` inserts at the head of FORWARD, ahead of any DROP/REJECT rules already
# in the chain (e.g. the DNS, SSH, 10/8 and string-match rules in the filter
# dump below). Run after that dump is restored, these two rules let tun<->eth0
# traffic skip that filtering; run before an iptables-restore (without
# --noflush), they are wiped when the table is replaced. Pick one order.
# NOTE(review): the eth0 -> tun+ rule also accepts unsolicited inbound traffic
# to VPN clients; the usual form is to restrict that direction with
# `-m conntrack --ctstate ESTABLISHED,RELATED`. With the FORWARD policy left at
# ACCEPT in the dump below, that tightening has no effect until the policy is
# changed to DROP.
iptables -I FORWARD -i tun+ -o eth0 -j ACCEPT
iptables -I FORWARD -i eth0 -o tun+ -j ACCEPT
# Generated by iptables-save v1.4.7 on Fri Jul  7 06:26:20 2017
# NAT table: source-NAT (masquerade) for everything leaving eth0 with a
# 192.168.0.0/16 source. The bracketed [packets:bytes] values are counters
# snapshotted from the host the dump was taken on; iptables-restore ignores
# them unless run with -c.
*nat
:PREROUTING ACCEPT [14806608:1366533293]
:POSTROUTING ACCEPT [3493251:227860710]
:OUTPUT ACCEPT [3354849:219415892]
# NOTE(review): /16 is wider than a single VPN client pool; narrowing -s to the
# actual tun subnet keeps unrelated 192.168.x.x sources from being masqueraded
# — confirm the pool against the VPN server configuration (not shown here).
-A POSTROUTING -s 192.168.0.0/16 -o eth0 -j MASQUERADE
COMMIT
# Completed on Fri Jul  7 06:26:20 2017

# Generated by iptables-save v1.4.7 on Fri Jul  7 06:26:20 2017
# Filter table. INPUT is closed by an explicit `-j DROP` as the last rule while
# the chain policy stays ACCEPT, so a flush (`iptables -F INPUT`) fails open;
# `:INPUT DROP [0:0]` as the policy would fail closed instead.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [2136371934:1485452146031]
:OUTPUT ACCEPT [1242265064:1379442439050]
# ---- INPUT: packets addressed to this host ----
# NOTE(review): the --sport rules accept any inbound TCP packet whose source
# port is 6060/443/80, whatever local port it is aimed at; the source port is
# set by the remote peer. They stand in for the return traffic of connections
# this host opened, which the stateful rule
# `-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT`
# covers without opening every local port. The same applies to the two
# --sport 53 rules further down.
-A INPUT -p tcp -m tcp --sport 6060 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 80 -j ACCEPT
# Services offered by this host: NTP, VPN on 1194 (udp and tcp), HTTP, HTTPS.
-A INPUT -p udp -m udp --dport 123 -j ACCEPT
-A INPUT -p udp -m udp --dport 1194 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 1194 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
# Trusted source ranges. 10.51.0.0/16 lies inside 10.0.0.0/8, so the second
# rule can never match a packet the first did not already accept.
# {{MY.IP.ADDRESS.HERE}} is a placeholder for a trusted address and must be
# replaced before the dump is loaded.
-A INPUT -s 10.0.0.0/8 -j ACCEPT
-A INPUT -s 10.51.0.0/16 -j ACCEPT
-A INPUT -s {{MY.IP.ADDRESS.HERE}}/32 -j ACCEPT
# ICMP echo request (8) and echo reply (0).
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
# DNS replies, matched by source port (see the --sport note above).
-A INPUT -p udp -m udp --sport 53 -j ACCEPT
# Loopback. The rule is listed twice; the second copy is redundant. Only
# 127.0.0.1 -> 127.0.0.1 is matched, so traffic on other 127/8 addresses falls
# through to the final DROP; `-A INPUT -i lo -j ACCEPT` covers all of loopback.
-A INPUT -s 127.0.0.1/32 -d 127.0.0.1/32 -j ACCEPT
-A INPUT -s 127.0.0.1/32 -d 127.0.0.1/32 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 53 -j ACCEPT
# Inbound DNS queries from anywhere. NOTE(review): if this host runs a
# recursive resolver for VPN clients, this exposes it as an open resolver;
# restrict with `-s <VPN-SUBNET-PLACEHOLDER>` to the client range.
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
# Everything else to this host is dropped. There is no --dport 22 rule, so SSH
# is reachable only from the source ranges accepted above.
-A INPUT -j DROP
# ---- FORWARD: routed traffic, i.e. VPN clients in 192.168.0.0/16 ----
# UDP DNS is pinned to 192.168.0.1; UDP queries to any other resolver are
# dropped. The DROP is udp-only, so DNS over TCP/53 to outside resolvers still
# passes.
-A FORWARD -s 192.168.0.0/16 -d 192.168.0.1/32 -p udp -m udp --dport 53 -j ACCEPT
-A FORWARD -s 192.168.0.0/16 -p udp -m udp --dport 53 -j DROP
# Clients may not open SSH anywhere, nor reach 10.0.0.0/8.
-A FORWARD -s 192.168.0.0/16 -p tcp -m tcp --dport 22 -j DROP
-A FORWARD -s 192.168.0.0/16 -d 10.0.0.0/8 -j DROP
# Payload string matching (Boyer-Moore over the first 65535 bytes). Only
# cleartext payloads can match — anything carried inside TLS or otherwise
# encrypted is not inspected. These rules carry no -s/-d, so they apply to
# every forwarded packet in both directions.
-A FORWARD -m string --string "account.sonyentertainmentnetwork.com" --algo bm --to 65535 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -m string --string "auth.api.np.ac.playstation.net" --algo bm --to 65535 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -m string --string "auth.api.sonyentertainmentnetwork.com" --algo bm --to 65535 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -m string --string "auth.np.ac.playstation.net" --algo bm --to 65535 -j REJECT --reject-with icmp-port-unreachable
# "BitTorrent" on any protocol is REJECTed here, so the two udp-only rules
# right below ("BitTorrent", "BitTorrent protocol") can never match.
# ".torrent" and "announce.php?passkey=" are likewise subsumed by the later
# "torrent" and "announce" rules (same DROP target), so they are redundant
# rather than wrong.
-A FORWARD -m string --string "BitTorrent" --algo bm --to 65535 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -p udp -m string --string "BitTorrent" --algo bm --to 65535 -j DROP
-A FORWARD -p udp -m string --string "BitTorrent protocol" --algo bm --to 65535 -j DROP
-A FORWARD -p udp -m string --string "peer_id=" --algo bm --to 65535 -j DROP
-A FORWARD -p udp -m string --string ".torrent" --algo bm --to 65535 -j DROP
-A FORWARD -p udp -m string --string "announce.php?passkey=" --algo bm --to 65535 -j DROP
-A FORWARD -p udp -m string --string "torrent" --algo bm --to 65535 -j DROP
-A FORWARD -p udp -m string --string "announce" --algo bm --to 65535 -j DROP
-A FORWARD -p udp -m string --string "info_hash" --algo bm --to 65535 -j DROP
-A FORWARD -p udp -m string --string "tracker" --algo bm --to 65535 -j DROP
# ---- OUTPUT: packets generated by this host itself ----
# OUTPUT does not see forwarded traffic, so the 192.168.0.0/16 rules here only
# constrain the server's own address in that range, not the VPN clients behind
# it (those are handled in FORWARD).
-A OUTPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 53 -j ACCEPT
# UDP within 192.168.0.0/16 and UDP DNS are allowed; TCP 6881-6889 (presumably
# the BitTorrent client port range) and all remaining UDP from that source
# are dropped.
-A OUTPUT -s 192.168.0.0/16 -d 192.168.0.0/16 -p udp -j ACCEPT
-A OUTPUT -s 192.168.0.0/16 -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -s 192.168.0.0/16 -p tcp -m tcp --dport 6881:6889 -j DROP
-A OUTPUT -s 192.168.0.0/16 -p udp -j DROP
COMMIT
# Completed on Fri Jul  7 06:26:20 2017

ndpi-netfilter

# Requires the out-of-tree ndpi-netfilter match (`-m ndpi`); plain iptables
# will not load these lines. No table header is shown, so this is presumably
# a fragment meant for the *filter table above — confirm before restoring.
# These are OUTPUT rules, so they only classify packets this host generates;
# applying nDPI to VPN client traffic would need the same matches in FORWARD.
# --bittorrent appears twice; the second occurrence is redundant.
-A OUTPUT -m ndpi --bittorrent  -j DROP
-A OUTPUT -m ndpi --filetopia  -j DROP
-A OUTPUT -m ndpi --fasttrack  -j DROP
-A OUTPUT -m ndpi --bittorrent  -j DROP
-A OUTPUT -m ndpi --gnutella  -j DROP
-A OUTPUT -m ndpi --edonkey  -j DROP
-A OUTPUT -m ndpi --thunder  -j DROP