Diffstat (limited to 'share/provision/files/ipredator')
-rw-r--r--share/provision/files/ipredator/etc/ferm/ferm.conf10
1 files changed, 10 insertions, 0 deletions
diff --git a/share/provision/files/ipredator/etc/ferm/ferm.conf b/share/provision/files/ipredator/etc/ferm/ferm.conf
index d7b97a3..a25a3d2 100644
--- a/share/provision/files/ipredator/etc/ferm/ferm.conf
+++ b/share/provision/files/ipredator/etc/ferm/ferm.conf
@@ -35,6 +35,10 @@
# stick to only those that you really need.
@def $PORT_OPENVPN = (1194 1234 1337 2342 5060);
+# See https://blog.ipredator.se/howto/restricting-transmission-to-the-vpn-interface-on-ubuntu-linux.html
+# Ports Transmission is allowed to use.
+@def $PORT_TRANSMISSION = 16384:65535;
+
# Public DNS servers and those that are only reachable via VPN.
# DNS servers are specified in the outbound DNS rules to prevent DNS leaks
# (https://www.dnsleaktest.com/). The public DNS servers configured on your
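Review bot: The comment on the new `$PORT_TRANSMISSION` definition says these are the ports Transmission is "allowed to use", but nothing in the patch ties the daemon to that range, and 16384:65535 fully contains the Linux default ephemeral range (net.ipv4.ip_local_port_range, 32768–60999), so any local program's outbound connection will also fall inside it. The rules keyed on this variable later in the file therefore cannot distinguish Transmission from other processes unless the range is narrowed and Transmission is pinned to it. I would extend the comment to say so: `# Must match peer-port (or peer-port-random-low/high) in Transmission's settings.json;` / `# note this overlaps the kernel's ephemeral port range, so port alone does not identify Transmission.` Narrowing to the single configured peer port is the safer default.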
@@ -59,6 +63,11 @@
@if $VPN_ACTIVE {
domain ip {
table filter {
+ chain INPUT {
+ interface $DEV_VPN {
+ proto (tcp udp) dport $PORT_TRANSMISSION ACCEPT;
+ }
+ }
chain OUTPUT {
# Default allowed outbound services on the VPN interface.
# If you need more simply add your rules here.
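Review bot: The new INPUT rule accepts unsolicited TCP and UDP on $DEV_VPN for every port from 16384 to 65535 (~49k ports), which exposes any service that happens to bind a high port (including listeners started on ephemeral ports) to the VPN provider's network and to peers routed through it. Transmission listens on one configured peer port, so the rule should be `proto (tcp udp) dport $PORT_TRANSMISSION mod conntrack ctstate NEW ACCEPT;` with $PORT_TRANSMISSION reduced to that single port, and ideally restricted to the Transmission socket owner where the ruleset already uses such matches; I cannot see whether a stateful ESTABLISHED,RELATED accept exists above this hunk, so the ctstate match is a suggestion to confirm against the rest of the chain. The `chain INPUT` block and the enclosing `table filter` are visible only in part here.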
@@ -67,6 +76,7 @@
proto tcp dport $PORT_FTP ACCEPT;
proto udp dport $PORT_NTP ACCEPT;
proto tcp dport $PORT_SSH ACCEPT;
+ proto (tcp udp) sport $PORT_TRANSMISSION ACCEPT;
proto tcp dport $PORT_WEB ACCEPT;
}
}
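Review bot: The added OUTPUT rule matches on `sport $PORT_TRANSMISSION`, and since every outbound connection from this host picks its source port from the kernel ephemeral range (32768–60999 by default), which lies inside 16384:65535, this line effectively accepts all outbound TCP and UDP on $DEV_VPN to any destination and port — the neighbouring dport whitelist for FTP/NTP/SSH/web becomes decorative. Source-port matching cannot express "traffic from Transmission"; use the socket owner instead, e.g. `proto (tcp udp) mod owner uid-owner debian-transmission ACCEPT;` (substituting the user the daemon actually runs as, which I cannot see from this diff), and keep a narrow dport rule for the peer port only if inbound replies are not already covered by conntrack. The enclosing `chain OUTPUT` block begins outside this hunk.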