OpenVPN server - Restrict access to one LAN IP only

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.


Occasional Visitor
I would like to restrict access from the VPN subnet to NVR IP only. I have tried to "compile" some of the examples from the other threads but this is not working as expected - I'm able to access NVR and e.g. browse the shared folders on my NAS:

openvpn-event script

if [ "$1" = "tun21" ] || [ "$1" = "tun22" ]
logger -t openvpn-event "Apply additional firewall rules for NVR"
iptables -I FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -I FORWARD -s -d NVRIP -p tcp --dport 554 -j ACCEPT
iptables -I FORWARD -s -d NVRIP-p udp --dport 554 -j ACCEPT
iptables -I FORWARD -s -d NVRIP -p udp --dport 8000 -j ACCEPT
iptables -I FORWARD -s -d NVRIP-p tcp --dport 8000 -j ACCEPT
iptables -I FORWARD -s -j DROP

Can anyone help me with the correct iptables command syntax/order please?
Thank you.


Senior Member
not sure if this will help, but I would replace NVRIP by its ip address (has to be a static one). Besides that in the above, 3rd and 5th iptables statment are missing a blank before -p option ...

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!