Deny Lan to Wan Default with Whitelist

dietjoe · October 24, 2022, 1:12am

Computer connects to LAN, DietPi on SBC connects to WAN.

I want SBC to whitelist only certain IPs from the computer, which are IPs I use to connect to work using my VPN, I want everything else denied. I don’t care what IPs the DietPi connects to from inside the SBC, such as when updating.

The only exception is I want to be able to access the SBC using Remmina or ssh.

How can I do this?

Joulinar · October 24, 2022, 9:12am

iptables should be able to do this job

dietjoe · October 24, 2022, 11:19am

What would be the ip tables commands?

if work vpn is 1.2.3.4, then

iptables -A OUTPUT -p tcp -d 1.2.3.4 --dport 443 -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -P INPUT DROP
iptables -P OUTPUT DROP

?