removed unnecessary + dangerous iptables rule

john-david-r-smith 2016-05-26 08:42:25 +02:00
parent bed89b7eab
commit a9ae590f6f

@ -112,10 +112,6 @@ You need an openvpn server and a DNS server accessible through the vpn (use one
`iptables -I FORWARD -i eth0 -j DROP`
This blocks forwarding of connections through your plain network device (in case the vpn tunnel breaks).
`iptables -I FORWARD -o $DEV -j ACCEPT`
This allows forwarding of connections through the vpn. (So other AppVMs can use it)
`iptables -t nat -I PR-QBS -p udp --dport 53 -j DNAT --to-destination $DNS`
`iptables -t nat -I PR-QBS -p tcp --dport 53 -j DNAT --to-destination $DNS`
This will rewrite the DNS destination, and the traffic will be routed down the vpn tunnel. (to prevent DNS leaks)
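
Review bot: The fail-closed claim attached to `iptables -I FORWARD -i eth0 -j DROP` ("in case the vpn tunnel breaks") rests on a rule that matches only packets arriving on eth0; AppVM traffic forwarded out through the plain device is matched by `-o eth0`, not `-i eth0`. Please confirm that the section as it stands after this change still drops forwarded traffic leaving via eth0, otherwise the text promises leak protection the remaining rules do not give. Because every rule here uses `-I`, each one lands at the top of the chain, so the final order is the reverse of the order shown; a sentence saying so would help readers who paste the commands one by one. The hunk header drops four lines (10 to 6) while the commit message speaks of a single rule, so the message should name the rule that was removed and say why it was dangerous.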