I want to block access to certain websites/IPs for all clients connected to VPN (pptpd or OpenVPN).
This rule:
iptables -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -d IP_address -j REJECT
is working only locally.
The server (ping test) can't access the blocked IP, but clients via VPN can.
How can I block all traffic to a specified IP for VPN clients?
Best Answer
The OUTPUT chain only applies to locally generated packets. For packets that are routed via the system, one needs to use the FORWARD chain. So, you need to use this command:
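
As an added example (not the answerer's command, which this page does not include), the script below builds FORWARD-chain rules that reject traffic arriving from VPN interfaces and routed to blocked destinations. The interface patterns ppp+ (pptpd) and tun+ (OpenVPN) and the sample destinations are assumptions, not values from the question.

```shell
#!/bin/sh
# Added example: block forwarded VPN-client traffic to listed destinations.
# Assumptions (not from the original page): interface patterns ppp+ (pptpd)
# and tun+ (OpenVPN), and the constructed documentation-range addresses below.

VPN_IFACES="ppp+ tun+"
BLOCKED_DESTS="203.0.113.10 198.51.100.0/24"   # constructed sample values

# Print the match part of one rule: packets that arrive on a VPN interface
# and are routed through this host towards the blocked destination.
rule_spec() {
    # $1 = incoming interface pattern, $2 = destination IP or CIDR
    printf '%s' "-i $1 -d $2 -j REJECT"
}

# Print every iptables command needed, one per line. Rules are inserted at
# position 1 so they are evaluated before any existing ACCEPT rule in FORWARD;
# a rule appended with -A after such an ACCEPT would never be reached.
build_rules() {
    for iface in $VPN_IFACES; do
        for dest in $BLOCKED_DESTS; do
            echo "iptables -I FORWARD 1 $(rule_spec "$iface" "$dest")"
        done
    done
}

# Apply the rules, skipping any that already exist (iptables -C checks for one).
apply_rules() {
    for iface in $VPN_IFACES; do
        for dest in $BLOCKED_DESTS; do
            spec=$(rule_spec "$iface" "$dest")
            # Word splitting of $spec is intended: it holds separate arguments.
            iptables -C FORWARD $spec 2>/dev/null || iptables -I FORWARD 1 $spec
        done
    done
}

# Dry run by default: print the commands. Pass "apply" as root to install them.
if [ "${1:-}" = "apply" ]; then
    apply_rules
else
    build_rules
fi
```

Keeping the original OUTPUT rule alongside these still blocks the server's own connections to the same destinations.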