
On Linux, I use a shell script like this:

   #!/bin/bash
   # VPN kill switch: allow outbound traffic only to the LAN, loopback,
   # the tunnel, and the VPN endpoints themselves; drop everything else.
   servers=( ip1 ip2 ip3 ... )

   # Allow traffic within the internal network
   iptables -A OUTPUT -s 192.168.0.0/16 -d 192.168.0.0/16 -j ACCEPT

   # Allow traffic over loopback
   iptables -A OUTPUT -o lo -j ACCEPT

   # Allow traffic over the tunnel
   iptables -A OUTPUT -o tun0 -j ACCEPT

   # Allow packets to the VPN endpoints (quoted so an entry with
   # whitespace cannot split into extra iptables arguments)
   for server in "${servers[@]}"; do
      echo "Installing rules for $server"
      iptables -A OUTPUT -d "$server" -j ACCEPT
   done

   # Otherwise drop
   iptables -A OUTPUT -j DROP
Use it with a package like iptables-persistent so you don't have to run this every time at boot.
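A small generator in the same spirit, added here as an example (it is not the commenter's script): it refuses endpoints that are not IPv4 literals, because iptables resolves a hostname once at rule-load time and the rule silently goes stale when the endpoint's address changes, and it emits the ruleset in iptables-restore format, which is what iptables-persistent reads from /etc/iptables/rules.v4 at boot. The tun0 interface and the 192.168.0.0/16 LAN come from the comment above; the endpoint addresses are constructed placeholders.

```shell
#!/bin/sh
# Added example (not the commenter's script): generate a VPN kill-switch
# ruleset in iptables-restore format. Assumptions: tunnel is tun0, LAN is
# 192.168.0.0/16, VPN endpoints are given as IPv4 literals.

# Return 0 if $1 is a dotted-quad IPv4 literal, 1 otherwise. Hostnames are
# rejected: iptables resolves a name once when the rule is loaded, so the
# rule goes stale if the endpoint's address changes.
is_ipv4() (
    case "$1" in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
)

# Print the ruleset. $1 = tunnel interface, $2 = LAN CIDR, rest = endpoints.
# Only the OUTPUT chain is declared; INPUT/FORWARD keep their current policy.
# The chain policy is DROP rather than a trailing DROP rule, so flushing
# the chain fails closed instead of open.
killswitch_rules() {
    tun=$1; lan=$2; shift 2
    [ $# -gt 0 ] || { echo "no VPN endpoints given" >&2; return 1; }
    for server; do
        is_ipv4 "$server" || { echo "rejected endpoint (not an IPv4 literal): $server" >&2; return 1; }
    done
    echo '*filter'
    echo ':OUTPUT DROP [0:0]'
    echo '-A OUTPUT -o lo -j ACCEPT'
    echo "-A OUTPUT -o $tun -j ACCEPT"
    echo "-A OUTPUT -s $lan -d $lan -j ACCEPT"
    for server; do
        echo "-A OUTPUT -d $server -j ACCEPT"
    done
    echo 'COMMIT'
}

# Constructed sample endpoints (TEST-NET addresses). With root, redirect the
# output to /etc/iptables/rules.v4 so iptables-persistent loads it at boot.
killswitch_rules tun0 192.168.0.0/16 203.0.113.5 198.51.100.7
```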


You can do this without iptables: just make wlan0/eth0 the host route for $server and then make the default gateway the tunnel interface. Decent OpenVPN clients do this by default.



