Thread: iptables - How do I restrict access to just local devices on the network?

  1. #1
    Join Date
    Feb 2007
    Beans
    9

    iptables - How do I restrict access to just local devices on the network?

    I have a WireGuard VPN Server running on a Debian 12 host with no problems, listening on a specific UDP port, and all is working great with no issues. I can connect from my phone WireGuard client while on 5G etc and all works as intended.

    However, I want to temporarily allow somebody access to this server, but restrict them to only accessing devices on my local network, 192.168.0.x. No access to the public internet once they are connected to the VPN, so they can't visit general websites etc., just access devices on 192.168.0.x as needed.

    I am just a novice home user and tried this set of commands:

    Code:
    iptables -I OUTPUT -d 192.168.0.0/16 -j ACCEPT; iptables -P OUTPUT DROP
    iptables -A INPUT -p udp -m udp --dport ##### -j ACCEPT
    iptables -A INPUT -p udp -m udp --sport ##### -j ACCEPT
    where ##### is the correct listening port to the outside world. And on the host, generally seems to work as intended - I can communicate with all 192.168.0.0 devices and nothing outside of that scope - only problem is, I can also no longer connect via 5G to ######, my previously working VPN listen port.

    Any assistance would be greatly appreciated, thank you!

    Edit:

    Another user told me to try FORWARD, so I tried this, but still no change: the daemon did not answer when tried from the outside world.

    Code:
    iptables -I OUTPUT -d 192.168.0.0/16 -j ACCEPT; iptables -P OUTPUT DROP
    iptables -A FORWARD -p udp -m udp --sport ##### -j ACCEPT
    iptables -A FORWARD -p udp -m udp --dport ##### -j ACCEPT

  2. #2
    Join Date
    Aug 2016
    Location
    Wandering
    Beans
    Hidden!
    Distro
    Xubuntu Development Release

    Re: iptables - How do I restrict access to just local devices on the network?

    All this can be very confusing and could leave you open for, well you know.
    Have a look here: https://www.linode.com/docs/guides/c...with-iptables/
    With realization of one's own potential and self-confidence in one's ability, one can build a better world.
    Dalai Lama>>
    Code Tags | System-info | Forum Guide lines | Arch Linux, Debian Unstable, FreeBSD
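
An added example, not part of either post: the OUTPUT chain filters packets the host itself sends, which includes WireGuard's UDP replies to the client's public address, while traffic from a VPN peer to other machines passes through FORWARD. The sketch below therefore leaves INPUT and OUTPUT alone and confines one peer in FORWARD; `wg0`, `10.8.0.2` and the chain name `WG_GUEST` are assumptions, and `192.168.0.0/24` is assumed for the 192.168.0.x LAN.

```sh
#!/bin/sh
# Added example, not from the thread. Assumed values: wg0 (WireGuard interface),
# 10.8.0.2 (guest peer's tunnel address), 192.168.0.0/24 (the LAN).

# Succeeds if $1 is a dotted-quad IPv4 address with an optional /0-32 prefix.
is_ipv4() {
    addr=${1%/*}
    case $1 in */*) pfx=${1#*/} ;; *) pfx=32 ;; esac
    case $pfx in ''|*[!0-9]*) return 1 ;; esac
    [ "$pfx" -le 32 ] || return 1
    case $addr in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr            # split into octets (only digits and dots remain here)
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the rules confining one VPN peer to the LAN.
# Usage: lan_only_rules <wg-interface> <guest-tunnel-ip> <lan-cidr>
# Arguments are validated because the output is meant to be piped to a root shell.
lan_only_rules() {
    wg_if=$1 guest=$2 lan=$3
    case $wg_if in ''|*[!A-Za-z0-9_.-]*) echo "bad interface" >&2; return 1 ;; esac
    is_ipv4 "$guest" && is_ipv4 "$lan" || { echo "bad address" >&2; return 1; }
    # INPUT and OUTPUT stay untouched so the WireGuard handshake keeps working.
    # WG_GUEST allows the LAN and rejects everything else the peer tries to reach.
    # The conntrack rule lets replies back to the peer if the FORWARD policy is DROP.
    cat <<EOF
iptables -N WG_GUEST
iptables -A WG_GUEST -d $lan -j ACCEPT
iptables -A WG_GUEST -j REJECT --reject-with icmp-admin-prohibited
iptables -I FORWARD -i $wg_if -s $guest -j WG_GUEST
iptables -I FORWARD -o $wg_if -d $guest -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Review the printed rules, then apply with: lan_only_rules ... | sudo sh
lan_only_rules wg0 10.8.0.2 192.168.0.0/24
```

Matching on the peer's source address is reliable because the server only accepts tunnel packets whose source falls within that peer's `AllowedIPs` entry in the server config. The `AllowedIPs` line in the client's own config is under the client's control, so the restriction has to live on the server as above.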
