removed unnecessary + dangerous iptables rule

john-david-r-smith 2016-05-26 08:42:25 +02:00
parent bed89b7eab
commit a9ae590f6f

@ -112,10 +112,6 @@ You need an openvpn server and a DNS server accessible through the vpn (use one
`iptables -I FORWARD -i eth0 -j DROP` `iptables -I FORWARD -i eth0 -j DROP`
This blocks forwarding of connections through your plain network device (in case the vpn tunnel breaks). This blocks forwarding of connections through your plain network device (in case the vpn tunnel breaks).
`iptables -I FORWARD -o $DEV -j ACCEPT`
This allows forwarding of connections through the vpn. (So other AppVMs can use it)
`iptables -t nat -I PR-QBS -p udp --dport 53 -j DNAT --to-destination $DNS` `iptables -t nat -I PR-QBS -p udp --dport 53 -j DNAT --to-destination $DNS`
`iptables -t nat -I PR-QBS -p tcp --dport 53 -j DNAT --to-destination $DNS` `iptables -t nat -I PR-QBS -p tcp --dport 53 -j DNAT --to-destination $DNS`
This will rewrite the DNS destination, and the traffic will be routed down the vpn tunnel. (to prevent DNS leaks) This will rewrite the DNS destination, and the traffic will be routed down the vpn tunnel. (to prevent DNS leaks)
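Review bot: removing `iptables -I FORWARD -o $DEV -j ACCEPT` together with its sentence "This allows forwarding of connections through the vpn" leaves this section without any statement of how traffic from other AppVMs is permitted into the tunnel; what remains is only the `-i eth0` DROP and the two port 53 DNAT rules. The commit message calls the rule unnecessary and dangerous, but the documentation itself gives no reason. Consider adding a sentence at this point saying whether an existing rule already allows forwarding to `$DEV` or what replaces the removed line, and noting that the removed rule matched on the output interface alone and was inserted at the head of FORWARD with `-I`, so it accepted every forwarded packet leaving via `$DEV` before any later rule was evaluated. Readers who copied the earlier version of these instructions into a script would then know to delete that line.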