Hello, on Ubuntu 16.04.4 my default iptables 1.6 policy for the INPUT & OUTPUT chains is DROP and I would like to add an ACCEPT/ALLOW rule for local LAN IPs (so I can connect to the LAN and other LAN devices can connect to me). I read some articles and they suggest, for example:
iptables -A INPUT 192.168.0.0/24 -j ACCEPT
iptables -A OUTPUT 192.168.0.0/24 -j ACCEPT
Linux said:
ping: sendmsg: Operation not permitted
The reason was probably that the UFW firewall did not know about those rules.
So I want to ask how to allow it in UFW.
I tried: ufw allow out from 192.168.0.0/16 to 192.168.0.0/16
and it works for pinging LAN IPs. Is it a correct rule?
The next issue I see is that if I stop ufw, the computer somehow bypasses the VPN and connects directly, even though the VPN is enabled (via the OS built-in connectivity manager, not using any VPN client).
When ufw is started, then per the ufw rules only VPN connectivity is allowed and the rest is blocked, so when I disable the VPN, the computer loses connectivity to the internet.
How can I prevent this IP leak while ufw is terminated/stopped/dead?
The aim is not to allow bypassing the VPN, except for LAN connections. Thank you.
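
One way to check a ruleset against the goal stated in the post (DROP by default, outbound only to the LAN or through the VPN), as an added example that is not part of the original post: a shell function that audits `iptables -S` output. Assumptions not taken from the post: the VPN interface is tun0, the VPN server is the placeholder address 203.0.113.10, only the OUTPUT and ufw-user-output chains are inspected, and both rule dumps are constructed samples.

```shell
#!/bin/sh
# Added example. Assumed values (not from the post):
LAN_CIDR="192.168.0.0/16"        # LAN range used in the post's ufw rule
VPN_IF="tun0"                    # assumed VPN tunnel interface
VPN_SERVER="203.0.113.10/32"     # placeholder VPN server address

# audit_rules: read `iptables -S` text on stdin, print findings,
# return 0 when no leak path is found and 1 otherwise.
audit_rules() {
    awk -v lan="$LAN_CIDR" -v vpn="$VPN_IF" -v srv="$VPN_SERVER" '
    $1 == "-P" && ($2 == "INPUT" || $2 == "OUTPUT") {
        seen[$2] = 1
        if ($3 != "DROP") { print "LEAK: policy " $2 " is " $3; bad = 1 }
        next
    }
    $1 == "-A" && ($2 == "OUTPUT" || $2 == "ufw-user-output") && / -j ACCEPT$/ {
        ok = 0
        for (i = 3; i < NF; i++) {
            # allowed: out via VPN or loopback, or to the LAN / VPN server
            if ($i == "-o" && ($(i+1) == vpn || $(i+1) == "lo")) ok = 1
            if ($i == "-d" && ($(i+1) == lan || $(i+1) == srv)) ok = 1
        }
        if (!ok) { print "LEAK: unrestricted rule: " $0; bad = 1 }
    }
    END {
        if (!seen["INPUT"] || !seen["OUTPUT"]) { print "LEAK: policy missing"; bad = 1 }
        exit bad + 0
    }'
}

# Constructed sample: firewall running with the intended rules.
sample_locked() { cat <<'EOF'
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT DROP
-A OUTPUT -j ufw-user-output
-A ufw-user-output -s 192.168.0.0/16 -d 192.168.0.0/16 -j ACCEPT
-A ufw-user-output -d 203.0.113.10/32 -p udp -m udp --dport 1194 -j ACCEPT
-A ufw-user-output -o tun0 -j ACCEPT
EOF
}

# Constructed sample: no rules loaded and ACCEPT policies, the kind of
# state in which traffic can leave outside the VPN.
sample_open() { cat <<'EOF'
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
EOF
}
```

On a live system the input would come from `iptables -S` run as root, for example `iptables -S | audit_rules`.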