Netgate Discussion Forum

    OpenVPN: Only Forward Traffic Within VPN

      sawick61

      I am attempting to configure my pfSense firewall rules to forward all traffic originated by the OpenVPN interface and block all other traffic when/if it goes down. I accomplished this on a Linux firewall I was running previously through iptables. How would I do the same as the rules below in pfSense? Also, why is there no "source port" option in pfSense firewall GUI rules? FYI I've already configured the OpenVPN and proper NAT, I just can't seem to figure out the proper firewall rules based on the logic.

      *filter
      :INPUT ACCEPT [0:0]
      :FORWARD ACCEPT [0:0]
      :OUTPUT ACCEPT [0:0]
      # Traffic to the host: allow DNS replies (matched by source port) and DHCP, drop the rest
      -A INPUT -p udp -m udp --sport 53 -j ACCEPT
      -A INPUT -p udp -m udp --sport 67:68 --dport 67:68 -j ACCEPT
      -A INPUT -j DROP
      # Forwarded traffic: dropped unconditionally
      -A FORWARD -j DROP
      # Traffic from the host: allow DNS queries and DHCP, drop the rest
      -A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
      -A OUTPUT -p udp -m udp --sport 67:68 --dport 67:68 -j ACCEPT
      -A OUTPUT -j DROP
      COMMIT
      # Completed on Thu Jan 14 11:13:06 2016
      # Generated by iptables-save v1.4.7 on Thu Jan 14 11:13:06 2016
      *nat
      :PREROUTING ACCEPT [0:0]
      :POSTROUTING ACCEPT [0:0]
      :OUTPUT ACCEPT [0:0]
      # Masquerade 192.168.2.2 behind the tunnel address when it leaves via tun0
      -A POSTROUTING -s 192.168.2.2/32 -o tun0 -j MASQUERADE
      COMMIT
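      As an added example (not from either post in this thread), here is the same "only out through the tunnel" policy written directly in FreeBSD pf.conf syntax, the packet filter pfSense generates its GUI rules into. The interface names (WAN em0, LAN em1, OpenVPN client ovpnc1), the LAN network, and the VPN server address and port are assumptions.

```pf
# Added example, not from the thread. Assumed names: WAN em0, LAN em1,
# OpenVPN client interface ovpnc1, LAN network 192.168.2.0/24,
# VPN server 203.0.113.10 (documentation address) on UDP 1194.
wan_if  = "em0"
lan_if  = "em1"
vpn_if  = "ovpnc1"
lan_net = "192.168.2.0/24"
table <vpn_server> { 203.0.113.10 }

set block-policy drop
set skip on lo0
# Bind states to the interface they were created on, so a LAN flow admitted
# on em1 still needs its own "pass out" rule on whatever interface it leaves by.
set state-policy if-bound

# Translation rules precede filter rules in FreeBSD pf.conf.
# Equivalent of the iptables POSTROUTING MASQUERADE on tun0.
nat on $vpn_if from $lan_net to any -> ($vpn_if)

# Default deny: the "-j DROP" at the end of every iptables chain above.
block log all

# The firewall itself may resolve names and build the tunnel over the WAN.
# pf is stateful, so replies match the state; no "--sport 53" style rule is needed.
pass out quick on $wan_if proto udp from ($wan_if) to any port 53 keep state
pass out quick on $wan_if proto udp from ($wan_if) to <vpn_server> port 1194 keep state

# DHCP between LAN clients and the firewall (the 67:68 rules above).
pass in  quick on $lan_if proto udp from any port 68 to any port 67
pass out quick on $lan_if proto udp from any port 67 to any port 68

# LAN clients are admitted on em1, but only ovpnc1 has a matching "pass out".
# If the tunnel is down and the route falls back to em0, "block all" wins,
# so nothing from the LAN leaks out the WAN.
pass in  quick on $lan_if from $lan_net to any keep state
pass out quick on $vpn_if keep state
```

      Outbound NAT is applied before the egress filter rule on ovpnc1 is evaluated, which is why that last rule does not restrict the source to $lan_net.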

        kesawi

        Have a look at /index.php?topic=105810.0. You may be able to adapt the details there to your requirements.

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.