Why Iptables bully my Softether?

Post by aboka » Sun Jun 07, 2020 3:38 pm

Hi, I have successfully installed and run SoftEther on an Ubuntu VPS, and was thinking of securing the VPS by using iptables. But iptables just won't allow SE to work. I tried changing '-P INPUT DROP' to '-P INPUT ACCEPT', and then it works. But that will not be secure, right? As I understand it, that line is there to drop anything else that is not on the ACCEPT list. Please advise. Thank you.

root@SG-UBUNTU-1:~# iptables -S
-P INPUT DROP
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j DROP
-A INPUT -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j DROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
-A INPUT -j LOG
-A INPUT -i tun+ -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -s 192.168.7.0/24 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p udp -m udp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 1194 -j ACCEPT
-A INPUT -p udp -m udp --dport 1194 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5555 -j ACCEPT
-A INPUT -p udp -m udp --dport 5555 -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A OUTPUT -o tun+ -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -s 192.168.7.0/24 -j ACCEPT

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
SNAT all -- 192.168.7.0/24 anywhere to:103.125.217.43
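
The post's reasoning (with `-P INPUT DROP`, a packet that no rule accepts is dropped) can be checked offline by walking sample packets through the posted INPUT chain in rule order. This is an added example, not part of the original post: the sample packets, port 992, the interface names `tap_x` and `eth0` and the source `203.0.113.10` are constructed, and it assumes well-formed packets, so the three `--tcp-flags` sanity rules never match.

```python
import ipaddress
# INPUT chain copied from the post's `iptables -S` output, order preserved.
RULES = """\
-P INPUT DROP
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j DROP
-A INPUT -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j DROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
-A INPUT -j LOG
-A INPUT -i tun+ -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -s 192.168.7.0/24 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p udp -m udp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 1194 -j ACCEPT
-A INPUT -p udp -m udp --dport 1194 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5555 -j ACCEPT
-A INPUT -p udp -m udp --dport 5555 -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
"""

def matches(tok, pkt):
    if "--tcp-flags" in tok:  # assumption: sample packets are well-formed
        return False
    o = dict(zip(tok[::2], tok[1::2]))  # remaining rules are "option value" pairs
    iface = o.get("-i", "")
    return all((
        o.get("-p", pkt["proto"]) == pkt["proto"],
        int(o.get("--dport", pkt["dport"])) == pkt["dport"],
        pkt["iface"].startswith(iface[:-1]) if iface.endswith("+") else iface in ("", pkt["iface"]),
        ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(o.get("-s", "0.0.0.0/0")),
        pkt["state"] in o.get("--ctstate", pkt["state"]).split(","),
    ))

def verdict(pkt, text=RULES):
    lines = text.strip().splitlines()
    for line in lines[1:]:
        tok = line.split()[2:]
        if tok[-1] != "LOG" and matches(tok, pkt):  # LOG does not end traversal
            return tok[-1], line
    return lines[0].split()[2], "chain policy"  # nothing matched: -P INPUT applies

def pkt(proto, dport, iface="eth0", src="203.0.113.10", state="NEW"):
    return dict(proto=proto, dport=dport, iface=iface, src=src, state=state)
for p in (pkt("tcp", 5555), pkt("tcp", 992), pkt("udp", 67, "tap_x")):  # constructed
    print(p["proto"], p["dport"], p["iface"], "->", verdict(p))
```

Feeding it the protocol, port and interface of traffic the VPN server actually receives shows whether a rule accepts it or whether it falls through to the DROP policy.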
