I have a PPTP server installed in an Ubuntu VM. The Ubuntu host is configured to pass VPN traffic from external clients to this VM and on to internal server resources. Now I need to block these VPN clients from accessing specific external IP addresses or ports. How can I do that?
I tried to drop all outgoing traffic on the host with the following rule:
iptables -I OUTPUT -p udp --dport 9999 -j DROP
but it does not work for the VPN clients. Adding this rule to the VM with PPTP does not work either. How can I block connections like this?
Current iptables on the host:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     udp  --  anywhere             anywhere             udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:domain
ACCEPT     udp  --  anywhere             anywhere             udp dpt:bootps
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:bootps
ACCEPT     tcp  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED tcp dpt:1723
ACCEPT     gre  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
REJECT     udp  --  anywhere             anywhere             udp 9999 reject-with icmp-port-unreachable
ACCEPT     tcp  --  anywhere             vpn                  state NEW tcp dpt:1723
ACCEPT     all  --  anywhere             192.168.122.0/24     ctstate RELATED,ESTABLISHED
ACCEPT     all  --  192.168.122.0/24     anywhere
ACCEPT     all  --  anywhere             anywhere
REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable
REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     udp  --  anywhere             anywhere             udp dpt:bootpc
ACCEPT     tcp  --  anywhere             anywhere             ctstate NEW,RELATED,ESTABLISHED tcp dpt:1723
ACCEPT     gre  --  anywhere             anywhere             ctstate NEW,RELATED,ESTABLISHED
REJECT     udp  --  anywhere             anywhere             udp 9999 reject-with icmp-port-unreachable
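One way to put the block where forwarded VPN traffic is actually filtered, as an added example that is not part of the original post. The key point is that the OUTPUT chain only sees packets the machine itself generates; packets that arrive from the VM (or from a ppp client on the VM) and leave again are forwarded, so they traverse FORWARD and must be matched there, ahead of the ACCEPT rules. The script assumes the 192.168.122.0/24 VM network from the listing above, that pptpd on the VM gives clients ppp+ interfaces, and that the IPT variable names the iptables binary; the function names, the APPLY/TARGET variables and the 203.0.113.0/24 addresses are the example's own.

```shell
#!/bin/sh
# Added example, not from the original post. Blocks PPTP VPN clients from a
# given external port/address by filtering in the FORWARD chain, which is the
# chain forwarded (non-local) packets traverse. The OUTPUT chain only sees
# packets this machine itself generates, so a rule there never matches
# client traffic. Assumptions (not stated in the post): the VM sits on the
# host's 192.168.122.0/24 network as in the listing, pptpd on the VM gives
# clients ppp+ interfaces, and IPT names the iptables binary (IPT=echo previews
# the rules without touching the firewall).

IPT="${IPT:-iptables}"
VM_NET="${VM_NET:-192.168.122.0/24}"   # if the VM routes client addresses
                                       # unchanged, set this to the PPTP client pool
TARGET="${TARGET:-REJECT}"             # or DROP

# On the HOST: packets from the VM (and so from VPN clients, if the VM
# masquerades them behind its own address) are forwarded from $VM_NET outward.
# -I places the rule at the top, ahead of the ACCEPT rules libvirt adds for the
# VM network; with -A it would sit behind "ACCEPT all -- 192.168.122.0/24
# anywhere" and never be reached.
# usage: host_block <tcp|udp> <port> [dst-cidr]
host_block() {
    "$IPT" -I FORWARD -s "$VM_NET" -d "${3:-0.0.0.0/0}" \
        -p "$1" --dport "$2" -j "$TARGET"
}

# On the VM (pptpd): client packets enter on a ppp+ interface and are
# forwarded out, so match the inbound interface; this works for any client
# address pool and before any NAT the VM applies (filter FORWARD sees the
# original source).
# usage: vm_block <tcp|udp> <port> [dst-cidr]
vm_block() {
    "$IPT" -I FORWARD -i ppp+ -d "${3:-0.0.0.0/0}" \
        -p "$1" --dport "$2" -j "$TARGET"
}

# Block an entire external address (all protocols and ports) for VPN clients.
# usage: vm_block_dst <dst-cidr>
vm_block_dst() {
    "$IPT" -I FORWARD -i ppp+ -d "$1" -j "$TARGET"
}

# Check: the new rule must be number 1, and its pkts counter must grow when a
# client retries the connection. A counter stuck at zero means the traffic is
# not passing through this machine's FORWARD chain at all.
show_forward() {
    "$IPT" -L FORWARD -v -n --line-numbers
}

# Apply only when asked, so sourcing the file or previewing changes nothing.
if [ "${APPLY:-no}" = yes ]; then
    host_block udp 9999
    show_forward
fi
```

Preview with IPT=echo sh block.sh or, after sourcing, IPT=echo host_block udp 9999; apply on the host as root with APPLY=yes. On the VM, vm_block udp 9999 is the equivalent rule. If a rule of this shape is already first in FORWARD and its packet counter in show_forward never moves, the client packets are not reaching that chain, and the counters on the other chains and on the VM are the place to look next.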