On 2022-03-10 13:08, Florian Westphal wrote:
> Marcin Kabiesz <marcin.kabiesz@xxxxxxxxxxxx> wrote:
>> is it possible that with the OpenVPN interface tun0 every now and then some
>> packets with a private source address are visible and forwarded to the
>> router?
>
> Yes, NAT is only applied to packets that conntrack considers
> sane/valid.
> You can e.g. add a drop rule for INVALID packets.

Welcome,
Thank you for your answer.
My question is where do I create a rule for invalid packets? In NAT
POSTROUTING? Or MANGLE POSTROUTING, or another place leaving the server? I
am waiting for your opinion.
--
Marcin Kabiesz
IT Network Administrator
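
An added example, not part of the original thread: packets that conntrack marks INVALID do not traverse the nat table, so a drop for them belongs in the filter table (the FORWARD chain for traffic routed from tun0). The sketch below audits `iptables-save` output for such a rule and for earlier ACCEPT rules that would let INVALID packets through first. The sample rulesets are constructed; `eth0` and `10.8.0.0/24` are assumptions, and only the state match of each rule is evaluated.

```python
import shlex

# Constructed iptables-save output; eth0 and 10.8.0.0/24 are assumed, tun0 is from the thread.
WEAK = """\
*nat
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
-A FORWARD -i tun0 -o eth0 -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
"""
# Same ruleset with the INVALID drop placed first in filter FORWARD.
FIXED = WEAK.replace(
    "-A FORWARD -i tun0",
    "-A FORWARD -m conntrack --ctstate INVALID -j DROP\n-A FORWARD -i tun0", 1)

def chain_rules(dump, table, chain):
    """Token lists of the -A rules of one chain, in evaluation order."""
    rules, current = [], None
    for line in dump.splitlines():
        tok = shlex.split(line)
        if line.startswith("*"):
            current = line[1:].strip()
        elif current == table and tok[:2] == ["-A", chain]:
            rules.append(tok[2:])
    return rules

def invalid_match(tok):
    """None if the rule has no state match, else whether state INVALID matches it."""
    for flag in ("--ctstate", "--state"):
        if flag in tok:
            i = tok.index(flag)
            negated = i > 0 and tok[i - 1] == "!"
            return ("INVALID" in tok[i + 1].split(",")) != negated
    return None

def audit_forward(dump):
    """Findings about INVALID handling in filter FORWARD (interfaces/addresses ignored)."""
    findings = []
    for n, tok in enumerate(chain_rules(dump, "filter", "FORWARD"), 1):
        hit = invalid_match(tok)
        target = tok[tok.index("-j") + 1] if "-j" in tok else None
        if hit is False:
            continue  # rule cannot match an INVALID packet
        if hit is True and target == "DROP":
            return findings  # INVALID packets are dropped here
        if target == "ACCEPT":
            findings.append(f"rule {n} can accept INVALID packets before any drop")
    findings.append("no INVALID drop rule in filter FORWARD")
    return findings
```

Run against a live host, `audit_forward` takes the text printed by `iptables-save`; an empty list means the INVALID drop is reached before any rule that could accept those packets.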