From: Jochen B. <Joc...@bi...> - 2024-04-03 12:16:56
On 03.04.24 13:30, Ralf Hildebrandt via Openvpn-users wrote:
>> I don't see such an option in the docs (for 2.6, to be precise), but let me
>> ask a question for clarification: Does your setup answer requests to a
>> now-disabled IP with some explicit denial (ICMP UNREACHABLE, RST, whatever),
>
> No, since the machine might still be active and serving existing
> openvpn sessions (basically we'd like to keep serving existing clients
> and disallow new clients)

... well, that wouldn't keep me from trying something along the lines of

    iptables -I INPUT -p tcp --dport $MYPORT -m state --state NEW -j REJECT
    iptables -I INPUT -p udp --dport $MYPORT -m state --state NEW -j REJECT

but YMDOPMV¹ ...

Note, however, that this interprets your term "new client" so as to
include clients that *were* connected seconds ago, but choose to
*re*connect for whatever reason.

¹ "Your Mileage, Distro, and Other Parameters May Vary"

Kind regards,
--
Jochen Bern
Systemingenieur

Binect GmbH
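The following script is an added example illustrating the approach in the mail above; it is not part of Jochen's reply nor of OpenVPN itself. It packages the two REJECT rules (spelled with the current `-m conntrack --ctstate NEW` instead of the older `-m state --state NEW`) so they can be inserted, removed again, or merely printed, and it gives TCP a RST and UDP an ICMP port-unreachable so clients fail fast instead of retrying. The port 1194 and the script name ovpn-freeze.sh are assumptions.

```shell
#!/bin/sh
# Added example, not from the mailing-list post or from OpenVPN: reject *new*
# connections to an OpenVPN port while leaving already-tracked sessions alone.
# Port 1194 is an assumed default; the script name ovpn-freeze.sh is hypothetical.
#
# usage:  ./ovpn-freeze.sh block   [port]   # insert the REJECT rules at the top of INPUT
#         ./ovpn-freeze.sh unblock [port]   # delete the same rules again
#         DRY_RUN=1 ./ovpn-freeze.sh block  # only print the iptables commands

# Print the iptables invocations for one action ("-I" to insert, "-D" to delete).
# -m conntrack --ctstate NEW is the current spelling of -m state --state NEW.
ovpn_rules() {
    action="$1"
    port="$2"
    # TCP: the SYN of a fresh session is NEW; answer it with a RST.
    printf 'iptables %s INPUT -p tcp --dport %s -m conntrack --ctstate NEW -j REJECT --reject-with tcp-reset\n' \
        "$action" "$port"
    # UDP has no handshake: the first datagram of an untracked flow is NEW;
    # answer it with ICMP port-unreachable.
    printf 'iptables %s INPUT -p udp --dport %s -m conntrack --ctstate NEW -j REJECT --reject-with icmp-port-unreachable\n' \
        "$action" "$port"
}

# Run the rules for the requested mode, or only print them when DRY_RUN is set.
ovpn_freeze() {
    mode="$1"
    port="${2:-1194}"
    # The port ends up inside a command string, so accept digits only.
    case "$port" in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 2 ;;
    esac
    case "$mode" in
        block)   action="-I" ;;
        unblock) action="-D" ;;
        *) echo "usage: $0 block|unblock [port]" >&2; return 2 ;;
    esac
    ovpn_rules "$action" "$port" | while IFS= read -r cmd; do
        if [ -n "${DRY_RUN:-}" ]; then
            echo "$cmd"
        else
            eval "$cmd" || exit 1   # only digits and fixed words reach eval
        fi
    done
}

# Only act when executed as a script, so the functions can also be sourced.
if [ "${0##*/}" = "ovpn-freeze.sh" ]; then
    ovpn_freeze "$@"
fi
```

Two things to keep in mind when using it. An established UDP session is only "not NEW" for as long as its conntrack entry exists; that entry is refreshed by every packet and expires after a couple of minutes of silence (sysctl net.netfilter.nf_conntrack_udp_timeout_stream), so a client that idles longer than that without OpenVPN keepalive/ping traffic is rejected on its next datagram, exactly like the reconnecting client Jochen mentions. And `iptables -L INPUT -n -v --line-numbers` and `conntrack -L -p udp --dport 1194` let you watch the reject counters and the sessions that are still being tracked.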