OpenWRT: iptables-based Firewall Rules for PPTP and IPsec

Just a handy little reference for myself. #Internal PPTP Server vpnserver="" iptables -N pptp iptables -A pptp -p tcp --destination-port 1723 --dst $vpnserver -j ACCEPT iptables -A pptp -p gre --dst $vpnserver -j ACCEPT iptables -I FORWARD -j pptp iptables -t nat -N pptp iptables -t nat -A pptp -i $WAN -p tcp --dport 1723 -j DNAT --to $vpnserver iptables -t nat -A pptp -i $WAN -p 47 -j DNAT --to $vpnserver iptables -t nat -A PREROUTING -j pptp

### Gateway Router-based IPSEC VPN # allow IPSEC iptables -A input_rule -p esp -j ACCEPT # allow ISAKMP iptables -A input_rule -p udp -m udp --dport 500 -j ACCEPT # allow NAT-T iptables -A input_rule -p udp -m udp --dport 4500 -j ACCEPT # disable NAT for communications with remote LAN iptables -t nat -A postrouting_rule -d -j ACCEPT # Allow any traffic between tunnel LANs iptables -A forwarding_rule -i $LAN -o ipsec0 -j ACCEPT iptables -A forwarding_rule -i ipsec0 -o $LAN -j ACCEPT