Diffstat (limited to 'share/provision/files/ipredator/etc/ferm')
| -rw-r--r-- | share/provision/files/ipredator/etc/ferm/ferm.conf | 10 | 
1 files changed, 10 insertions, 0 deletions
| diff --git a/share/provision/files/ipredator/etc/ferm/ferm.conf b/share/provision/files/ipredator/etc/ferm/ferm.conf
index d7b97a3..a25a3d2 100644
--- a/share/provision/files/ipredator/etc/ferm/ferm.conf
+++ b/share/provision/files/ipredator/etc/ferm/ferm.conf
@@ -35,6 +35,10 @@
 # stick to only those that you really need.
 @def $PORT_OPENVPN = (1194 1234 1337 2342 5060);
+# See https://blog.ipredator.se/howto/restricting-transmission-to-the-vpn-interface-on-ubuntu-linux.html
+# Ports Transmission is allowed to use.
+@def $PORT_TRANSMISSION = 16384:65535;
+
 # Public DNS servers and those that are only reachable via VPN.
 # DNS servers are specified in the outbound DNS rules to prevent DNS leaks
 # (https://www.dnsleaktest.com/). The public DNS servers configured on your
@@ -59,6 +63,11 @@
 @if $VPN_ACTIVE {
     domain ip {
         table filter {
+            chain INPUT {
+                interface $DEV_VPN {
+                    proto (tcp udp) dport $PORT_TRANSMISSION ACCEPT;
+                }
+            }
             chain OUTPUT {
                 # Default allowed outbound services on the VPN interface.
                 # If you need more simply add your rules here.
@@ -67,6 +76,7 @@
                     proto tcp dport $PORT_FTP ACCEPT;
                     proto udp dport $PORT_NTP ACCEPT;
                     proto tcp dport $PORT_SSH ACCEPT;
+                    proto (tcp udp) sport $PORT_TRANSMISSION ACCEPT;
                     proto tcp dport $PORT_WEB ACCEPT;
                 }
             }
 | 
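Review bot: The new INPUT rule in the second hunk accepts tcp and udp to every port in 16384:65535 on $DEV_VPN, so it exposes any service that happens to listen in that range from the VPN side, not just Transmission; the range also overlaps the kernel's default ephemeral port range (32768-60999), so it is far wider than a single peer port needs. If Transmission is pinned to one peer port, define that port (or a range of a few ports) instead of the whole upper half of the port space, and say so in the comment, e.g. `# Transmission peer port(s); keep this as narrow as the client config allows.` preceding `@def $PORT_TRANSMISSION = <peer-port-or-small-range>;` in the first hunk. The enclosing `@if $VPN_ACTIVE` block continues outside the hunk.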
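Review bot: The added OUTPUT rule in the third hunk, `proto (tcp udp) sport $PORT_TRANSMISSION ACCEPT;`, matches on source port only and any destination, so every local process whose socket is bound to an ephemeral port in 16384:65535 is allowed out over the VPN to any port, which undercuts the destination-port allowlist (FTP/NTP/SSH/WEB) directly above it. If the intent is to let only the Transmission daemon open outbound peer connections, tie the rule to its user rather than to a source-port range: `mod owner uid-owner <transmission-user> ACCEPT;` (placeholder for the account the daemon runs as), and add `# Only the Transmission daemon may initiate outbound peer traffic on the VPN.` above it. Whether replies to inbound peer connections are already covered by a state rule elsewhere in the file is not visible in this hunk; if they are, the source-port rule is only ever reached for new outbound flows and the owner match loses nothing. The enclosing OUTPUT chain and `interface` block start outside the hunk.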
