How to use fw-rules.sh? #11

Closed
PennyLook opened this issue Aug 23, 2023 · 1 comment
@PennyLook

Hello,
I could not find information anywhere regarding the configuration of fw-rules.sh ~/openvpn/fw-rules.sh

How can I configure this so that clients do not have contact with each other and at the same time have access to the Internet?

Some example was described here

But I don't know if there is something I need to do on the client side, and whether it is the same running this script?

I think it's strange to add iptables on the OpenVPN server, because I can't access OpenVPN clients from the server.

@d3vilh
Owner

d3vilh commented Aug 24, 2023

Hi Penny,
The ~/openvpn/fw-rules.sh will be executed when the container starts, so it can contain regular iptables chains/commands, like in the example at the link:

iptables -A FORWARD -s 10.0.70.88 -d 10.0.70.77 -j DROP
iptables -A FORWARD -s 10.0.70.77 -d 10.0.70.88 -j DROP

These lines isolate traffic exchange from 10.0.70.88 to 10.0.70.77 and vice versa, so both clients will still have full access to the subnets, except that they can't see each other when connected.

You can include literally anything in this file, any Linux commands, and even write a small script, so it will run when the container starts.
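
The per-pair rules from the reply above, generalized to a list of clients so that every pair is blocked in both directions; this is an added example, not code from the issue or from the project. `CLIENTS`, `FW_APPLY` and the function names are hypothetical, 10.0.70.66 is a constructed sample address, and the script assumes each client has a static VPN address.

```shell
#!/bin/sh
# Added example: pairwise client-isolation rules for ~/openvpn/fw-rules.sh.
# CLIENTS and FW_APPLY are hypothetical names. 10.0.70.88 and 10.0.70.77 are
# from the reply above; 10.0.70.66 is a constructed sample address.
CLIENTS="${CLIENTS:-10.0.70.88 10.0.70.77 10.0.70.66}"

# Succeed only for a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]* | *..* | .* | *. | "") return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots into the function's own arguments
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print one DROP rule spec per ordered pair, so both directions are covered.
isolation_rules() {
    for src in "$@"; do
        valid_ipv4 "$src" || { echo "bad address: $src" >&2; return 1; }
    done
    for src in "$@"; do
        for dst in "$@"; do
            [ "$src" = "$dst" ] || echo "FORWARD -s $src -d $dst -j DROP"
        done
    done
}

# Append each rule unless "iptables -C" finds it already present, so a
# container restart does not stack duplicates.
apply_rules() {
    specs=$(isolation_rules "$@") || return 1
    printf '%s\n' "$specs" | while read -r spec; do
        # $spec is left unquoted on purpose: it expands to iptables arguments.
        iptables -C $spec 2>/dev/null || iptables -A $spec
    done
}

# Dry run by default; set FW_APPLY=1 (as root) to change the firewall.
if [ "${FW_APPLY:-0}" = "1" ]; then
    apply_rules $CLIENTS
else
    isolation_rules $CLIENTS | sed 's/^/iptables -A /'
fi
```

Rules added with `-A` go to the end of the chain, so they only take effect if no earlier FORWARD rule already accepts the traffic; `iptables -S FORWARD` shows the resulting order.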
