OpenVPN: Only Forward Traffic Within VPN



  • I am attempting to configure my pfSense firewall rules to forward all traffic originated by the OpenVPN interface and block all other traffic when/if it goes down. I accomplished this on a Linux firewall I was running previously through iptables. How would I do the same as the rules below in pfSense? Also, why is there no "source port" option in pfSense firewall GUI rules? FYI I've already configured the OpenVPN and proper NAT, I just can't seem to figure out the proper firewall rules based on the logic.

    # filter table (the pasted output had lost the *filter header and the '#' on the comment lines)
    *filter
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    -A INPUT -p udp -m udp --sport 53 -j ACCEPT
    -A INPUT -p udp -m udp --sport 67:68 --dport 67:68 -j ACCEPT
    -A INPUT -j DROP
    -A FORWARD -j DROP
    -A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
    -A OUTPUT -p udp -m udp --sport 67:68 --dport 67:68 -j ACCEPT
    -A OUTPUT -j DROP
    COMMIT
    # Completed on Thu Jan 14 11:13:06 2016
    # Generated by iptables-save v1.4.7 on Thu Jan 14 11:13:06 2016
    *nat
    :PREROUTING ACCEPT [0:0]
    :POSTROUTING ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    -A POSTROUTING -s 192.168.2.2/32 -o tun0 -j MASQUERADE
    COMMIT
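
A pf.conf rendering of the kill-switch the question asks for, added here as an example; it is not from this thread and not the ruleset pfSense generates itself (the GUI writes its own). Interface names (em0, em1, ovpnc1), addresses (10.8.0.1, 203.0.113.10, 192.168.2.0/24) and the OpenVPN port are assumptions, and the comments name the pfSense GUI screens that produce the equivalent rule.

```pf
# Macros: every value here is an assumption for this example; replace with your own.
ext_if  = "em0"              # WAN interface
int_if  = "em1"              # LAN interface
vpn_if  = "ovpnc1"           # pfSense names OpenVPN client instances ovpncN
vpn_gw  = "10.8.0.1"         # gateway address inside the tunnel
lan_net = "192.168.2.0/24"   # LAN subnet (the question NATs 192.168.2.2 out tun0)
vpn_srv = "203.0.113.10"     # public address of the OpenVPN server (documentation range)

set block-policy drop
set skip on lo0

# Translation rules come before filter rules in FreeBSD pf, and filter rules see the
# post-NAT source. NAT only on the tunnel; if an automatic outbound NAT entry for
# $lan_net also exists on $ext_if, the WAN block below never matches.
# pfSense: Firewall > NAT > Outbound, hybrid or manual mode.
nat on $vpn_if from $lan_net to any -> ($vpn_if)

# Default deny; everything below is an explicit exception.
block log all

# The firewall itself may build the tunnel: only the OpenVPN channel leaves on WAN.
# (The firewall's own DNS/DHCP on WAN, which the iptables rules above allow, is omitted.)
pass out quick on $ext_if proto udp from ($ext_if) to $vpn_srv port 1194 keep state

# LAN hosts may reach the firewall itself (DNS, DHCP, web GUI) without policy routing.
pass in quick on $int_if from $lan_net to ($int_if) keep state

# Everything else from LAN is forced into the tunnel. route-to is what the pfSense GUI
# emits when the LAN rule's "Gateway" field is set to the OpenVPN gateway.
pass in quick on $int_if route-to ($vpn_if $vpn_gw) from $lan_net to any keep state

# Safety net: if the tunnel is down, pfSense regenerates the ruleset, and unless
# System > Advanced > Miscellaneous > "Skip rules when gateway is down" is enabled the
# rule above is rewritten without its gateway and LAN traffic would fall through to WAN.
# pfSense: Floating rule, direction out, interface WAN, source "LAN net", action Block.
block out quick on $ext_if from $lan_net to any
pass out quick on $vpn_if from $lan_net to any keep state
```

Check it from a LAN host with the tunnel deliberately stopped: a traceroute or a fetch of your public IP should fail rather than show the WAN address, and the pf log should show the WAN block rule matching.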



  • Have a look at /index.php?topic=105810.0. You may be able to adapt the details there to your requirements.