Menu
What's new
By:
Filters Better Search

Modifying OpenVPN firewall/iptables rule?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Chris H

Chris H

New Around Here
I've noticed that a handful of IPs seem to be repeatedly trying to connect to my (asuswrt-merlin powered) router's OpenVPN server. I'm not too worried about it since I'm using key + password authentication, but I set up a simple ipset integration in "firewall-start" to block them anyway.

Unfortunately it looks like the iptables rule that's created for openvpn purposes is taking precedence; it's number 1 in the INPUT chain, right above my blacklist match:

Code: 
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:1194
2    DROP       all  --  0.0.0.0/0            0.0.0.0/0            match-set jchblacklistnet src

Can someone recommend the best way to move this rule so that my blacklist takes precedence? Always removing rule #1 in my user script seems fragile, as does any kind of grepping the output of iptables, but that's the closest I've seen in searching other threads here.
 
This was discussed here. Particularly note "EDIT 3".

An alternate solution is to change OpenVPN to use a non-standard port.
 
You must log in or register to reply here.

Similar threads

octopus
  • Locked
Solved Can you connect to Wireguard server from wan side?
Replies
17
Views
1K
octopus
octopus
A
Policy-based port routing to bypass NordVPN client
Replies
10
Views
1K
Don->
D
W
Restricting access to OpenVPN server via iptables
Replies
2
Views
1K
wrtuser
W
K
Can't get SNAT/MASQ to work.
2
Replies
24
Views
2K
eibgrad
eibgrad
P
Port Forwarding Transmission with AirVPN
Replies
2
Views
775
pavlfz
P
Similar threads
Thread starter Title Forum Replies Date
E OpenVPN TAP internet access problem Asuswrt-Merlin 0
M OpenVPN clients cannot connect to LAN computers. Asuswrt-Merlin 0
M OpenVPN / site to site with special security/routing constraints Asuswrt-Merlin 7
R OpenVPN keeps on turning itself off Asuswrt-Merlin 37
M Best router for wireguard or openVPN Asuswrt-Merlin 1
W OpenVPN Server set to LAN only allows browsing Asuswrt-Merlin 14
A Upgraded my ASUS, issues with NordVPN via OpenVPN Asuswrt-Merlin 4
G openvpn server: can not change/select data cipher Asuswrt-Merlin 1
Blankedy AC86U OpenVPN server whilst in AP mode Asuswrt-Merlin 3
M For AX68U and AX86S Merlin users: openvpn server - max user qty? Asuswrt-Merlin 1

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 917 (members: 26, guests: 891)
Top