@@ -449,6 +449,8 @@ Cmds firewall_rules_cmds(int is_server)
449449 "ip addr add $LOCAL_TUN_IP peer $REMOTE_TUN_IP dev $IF_NAME" ,
450450 "ip -6 addr add $LOCAL_TUN_IP6 peer $REMOTE_TUN_IP6/96 dev $IF_NAME" ,
451451 "ip link set dev $IF_NAME up" ,
452+ "iptables -t raw -I PREROUTING ! -i $IF_NAME -d $LOCAL_TUN_IP -m addrtype ! "
453+ "--src-type LOCAL -j DROP" ,
452454 "iptables -t nat -A POSTROUTING -o $EXT_IF_NAME -s $REMOTE_TUN_IP -j MASQUERADE" ,
453455 "iptables -t filter -A FORWARD -i $EXT_IF_NAME -o $IF_NAME -m state --state "
454456 "RELATED,ESTABLISHED -j ACCEPT" ,
@@ -458,7 +460,10 @@ Cmds firewall_rules_cmds(int is_server)
458460 "iptables -t nat -D POSTROUTING -o $EXT_IF_NAME -s $REMOTE_TUN_IP -j MASQUERADE" ,
459461 "iptables -t filter -D FORWARD -i $EXT_IF_NAME -o $IF_NAME -m state --state "
460462 "RELATED,ESTABLISHED -j ACCEPT" ,
461- "iptables -t filter -D FORWARD -i $IF_NAME -o $EXT_IF_NAME -j ACCEPT" , NULL
463+ "iptables -t filter -D FORWARD -i $IF_NAME -o $EXT_IF_NAME -j ACCEPT" ,
464+ "iptables -t raw -D PREROUTING ! -i $IF_NAME -d $LOCAL_TUN_IP -m addrtype ! "
465+ "--src-type LOCAL -j DROP" ,
466+ NULL
462467 };
463468#elif defined(__APPLE__ ) || defined(__OpenBSD__ ) || defined(__FreeBSD__ ) || \
464469 defined(__DragonFly__ ) || defined(__NetBSD__ )
0 commit comments