Timeline for iptables - How do I restrict access to just local devices on the network?
Current License: CC BY-SA 4.0
5 events
when | what | action | by | license | comment
---|---|---|---|---|---
Aug 5, 2023 at 1:15 | comment | added | espresso fan | | I guess I vaguely understand, but only vaguely. I am unsure what I am supposed to be doing here to fix the problem, unfortunately, as I don't understand what you are telling me to do, since I don't have any knowledge of such syntax or in-depth knowledge of the program. Thanks for letting me know I have it backwards, but I am looking for assistance still if anyone else sees this. Thanks anyways!
Aug 4, 2023 at 20:31 | comment | added | grawity_u1686 | | You still don't have a rule that would allow the WireGuard packets to come out of the server – previously you had it in 'INPUT', now you have it in 'FORWARD', but you still don't have anything in 'OUTPUT'... i.e. you got it completely backwards. The "outer" WireGuard packets are input/output (they are consumed and generated by WG on the server); the "inner" tunneled packets from/to LAN are what's being forwarded.
Aug 4, 2023 at 20:30 | history | edited | grawity_u1686 | CC BY-SA 4.0 | added 205 characters in body
Aug 4, 2023 at 20:15 | comment | added | espresso fan | | Thank you very much for the quick reply - as mentioned I am a novice user trying to learn! I am not sure if this is what you mean, but I tried: `iptables -I OUTPUT -d 192.168.0.0/16 -j ACCEPT; iptables -P OUTPUT DROP; iptables -A FORWARD -p udp -m udp --sport ##### -j ACCEPT; iptables -A FORWARD -p udp -m udp --dport ##### -j ACCEPT` instead, and still no response on that port from the outside world. Still never gets past the trying-to-connect stage. Did I do it wrong?
Aug 4, 2023 at 20:09 | history | answered | grawity_u1686 | CC BY-SA 4.0 |