Secure VPN web access at 26c3
For all of you who feel a bit uneasy about sending your outgoing traffic through the public WiFi and leaving your interface open to the crowd of visitors, here is a small tip on how to set up VPN access securely.
Given that the VPN server (which will route our traffic to the world wide web) has the address 132.195.255.200, that the local congress network is 81.163.0.0/16 and that the WiFi interface is wlan0, the following iptables rules make sure that:
- No new connections come in over WiFi
- Outgoing traffic on the WiFi interface is prohibited except for VPN access, DHCP and the local network (which provides DNS and the gateway to the VPN server)
- Everything else (in particular traffic leaving through the VPN's tun device) is untouched
# Flush the chains we care about and reset their policies to ACCEPT
iptables -F INPUT
iptables -F OUTPUT
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
# DROP any new connections coming in over WLAN, still allow everything established
iptables -I INPUT -i wlan0 -m state --state NEW -j DROP
# DROP anything going out over plain WLAN except VPN, the local network and DHCP
# (-I inserts at the top, -A appends at the bottom, so the resulting OUTPUT
#  order is: DHCP, local network, VPN server, DROP)
iptables -I OUTPUT -o wlan0 -d 132.195.255.200 -j ACCEPT
iptables -I OUTPUT -o wlan0 -d 81.163.0.0/16 -j ACCEPT
iptables -I OUTPUT -o wlan0 -p udp --dport 67 -j ACCEPT
# Let DHCP replies in; this -I lands above the NEW/DROP rule, which is what we need
iptables -I INPUT -i wlan0 -p udp --dport 68 -j ACCEPT
iptables -A OUTPUT -o wlan0 -j DROP
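Because the rules above are added with a mix of -I (insert at the top) and -A (append at the bottom), the order in which the chains are finally evaluated is not the order in which the commands are typed. The following is an added example, not code from the original post: a small Python model of the two chains that replays the commands in the same order, then walks a handful of constructed packets (not captured traffic; 198.51.100.10 is a documentation address standing in for any public host) through the result. It also shows what would happen if the DHCP rule for INPUT had been appended with -A instead of inserted with -I, and that DNS queries to the local resolver still leave wlan0 in cleartext because the local network is whitelisted.

```python
import ipaddress

# Addresses and interface from the post
VPN_SERVER = "132.195.255.200"
LOCAL_NET = "81.163.0.0/16"
WLAN = "wlan0"


class Rule:
    """One iptables rule: every given criterion must match (None = wildcard)."""

    def __init__(self, verdict, iface=None, dst=None, proto=None, dport=None, state=None):
        self.verdict = verdict
        self.iface = iface
        self.dst = ipaddress.ip_network(dst) if dst else None  # single host or CIDR
        self.proto = proto
        self.dport = dport
        self.state = state

    def matches(self, pkt):
        if self.iface is not None and pkt["iface"] != self.iface:
            return False
        if self.dst is not None and ipaddress.ip_address(pkt["dst"]) not in self.dst:
            return False
        if self.proto is not None and pkt.get("proto") != self.proto:
            return False
        if self.dport is not None and pkt.get("dport") != self.dport:
            return False
        if self.state is not None and pkt.get("state") != self.state:
            return False
        return True


class Chain:
    """First matching rule decides; if nothing matches, the chain policy applies."""

    def __init__(self, policy):
        self.policy = policy
        self.rules = []

    def insert(self, rule):  # iptables -I: rule goes to the top
        self.rules.insert(0, rule)

    def append(self, rule):  # iptables -A: rule goes to the bottom
        self.rules.append(rule)

    def verdict(self, pkt):
        for rule in self.rules:
            if rule.matches(pkt):
                return rule.verdict
        return self.policy


def build_chains(dhcp_appended=False):
    """Replay the post's commands in order. With dhcp_appended=True the
    INPUT DHCP rule is added with -A instead of -I (hypothetical variant)."""
    inp, out = Chain("ACCEPT"), Chain("ACCEPT")
    inp.insert(Rule("DROP", iface=WLAN, state="NEW"))
    out.insert(Rule("ACCEPT", iface=WLAN, dst=VPN_SERVER))
    out.insert(Rule("ACCEPT", iface=WLAN, dst=LOCAL_NET))
    out.insert(Rule("ACCEPT", iface=WLAN, proto="udp", dport=67))
    dhcp_in = Rule("ACCEPT", iface=WLAN, proto="udp", dport=68)
    if dhcp_appended:
        inp.append(dhcp_in)
    else:
        inp.insert(dhcp_in)
    out.append(Rule("DROP", iface=WLAN))
    return inp, out


# Constructed sample packets, keyed by a short description
SAMPLES = {
    "vpn tunnel out": ("OUTPUT", {"iface": WLAN, "dst": VPN_SERVER, "proto": "udp", "dport": 1194}),
    "plain web out": ("OUTPUT", {"iface": WLAN, "dst": "198.51.100.10", "proto": "tcp", "dport": 80}),
    "dns to local resolver": ("OUTPUT", {"iface": WLAN, "dst": "81.163.0.53", "proto": "udp", "dport": 53}),
    "dhcp discover out": ("OUTPUT", {"iface": WLAN, "dst": "255.255.255.255", "proto": "udp", "dport": 67}),
    "web via tun0": ("OUTPUT", {"iface": "tun0", "dst": "198.51.100.10", "proto": "tcp", "dport": 80}),
    "ssh in": ("INPUT", {"iface": WLAN, "dst": "81.163.1.2", "proto": "tcp", "dport": 22, "state": "NEW"}),
    "reply in": ("INPUT", {"iface": WLAN, "dst": "81.163.1.2", "proto": "tcp", "dport": 40000, "state": "ESTABLISHED"}),
    # A broadcast OFFER does not match the conntrack entry made by the
    # DISCOVER (0.0.0.0:68 -> 255.255.255.255:67), so conntrack sees it as NEW
    "dhcp offer in": ("INPUT", {"iface": WLAN, "dst": "255.255.255.255", "proto": "udp", "dport": 68, "state": "NEW"}),
}


def verdicts(dhcp_appended=False):
    """Return {description: verdict} for every sample packet."""
    inp, out = build_chains(dhcp_appended)
    chains = {"INPUT": inp, "OUTPUT": out}
    return {name: chains[chain].verdict(pkt) for name, (chain, pkt) in SAMPLES.items()}


if __name__ == "__main__":
    for name, v in verdicts().items():
        print(f"{name:24s} {v}")
    print("dhcp offer in, with the DHCP rule appended instead:",
          verdicts(dhcp_appended=True)["dhcp offer in"])
```

Running it shows the plain web request over wlan0 dropped while the same request via tun0 passes untouched, the DHCP offer accepted only because -I placed its rule above the NEW/DROP rule, and the DNS query to the local resolver accepted, i.e. sent over the WiFi unencrypted.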
This way, you can do whatever you like without your excited fellow visitors taking too close a look at your traffic. Two caveats: these rules cover IPv4 only, so ip6tables needs matching rules if the network hands out IPv6 addresses, and DNS queries to the local resolvers still leave wlan0 in cleartext unless the VPN pushes its own resolver.
Update 16:45: Added DHCP rule!
