On 03.04.24 13:30, Ralf Hildebrandt via Openvpn-users wrote:
>> I don't see such an option in the docs (for 2.6, to be precise), but let me ask a question for clarification: Does your setup answer requests to a now-disabled IP with some explicit denial (ICMP UNREACHABLE, RST, whatever),
>
> No, since the machine might still be active and serving existing openvpn sessions (basically we'd like to keep serving existing clients and disallow new clients)
... well, that wouldn't keep me from trying something along the lines of

    iptables -I INPUT -p tcp --dport $MYPORT -m state --state NEW -j REJECT
    iptables -I INPUT -p udp --dport $MYPORT -m state --state NEW -j REJECT

but YMDOPMV¹ ...

Note, however, that this interprets your term "new client" so as to include clients that *were* connected seconds ago, but choose to *re*connect for whatever reason.
¹ "Your Mileage, Distro, and Other Parameters May Vary"

Kind regards,
--
Jochen Bern
Systemingenieur
Binect GmbH
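The two rules from the message above wrapped in a small drain helper, as an added example that is not part of the original thread: it uses the `-m conntrack --ctstate` match in place of `-m state`, names the reject type per protocol, avoids stacking duplicate rules on repeated runs, and can remove the rules again. The function names, the `DRY_RUN` variable and the sample port 1194 are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original thread. Assumed names: rule_spec, run, drain, DRY_RUN.
# Usage after sourcing this file:  DRY_RUN=1; drain on 1194   (1194 is a sample port)

# Accept only a decimal port number, since the rule text is word-split below.
valid_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the rule for one protocol: chain, match on untracked (NEW) flows, explicit reject type.
rule_spec() {
    case $1 in
        tcp) reject=tcp-reset ;;              # new TCP SYNs get an RST
        udp) reject=icmp-port-unreachable ;;  # new UDP flows get ICMP unreachable
        *)   echo "unsupported protocol: $1" >&2; return 2 ;;
    esac
    echo "INPUT -p $1 --dport $2 -m conntrack --ctstate NEW -j REJECT --reject-with $reject"
}

# Execute iptables, or only print the command line when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "iptables $*"; else iptables "$@"; fi
}

# drain on|off PORT: insert or delete the reject rules for both protocols.
drain() {
    mode=$1 port=$2
    valid_port "$port" || { echo "bad port: $port" >&2; return 2; }
    for proto in tcp udp; do
        spec=$(rule_spec "$proto" "$port") || return 2
        case $mode in
            on)
                # -C checks for an existing identical rule, so repeated runs do not stack copies.
                if [ "${DRY_RUN:-0}" != 1 ] && iptables -C $spec 2>/dev/null; then
                    continue
                fi
                run -I $spec || return 1 ;;
            off)
                run -D $spec || return 1 ;;
            *)
                echo "usage: drain on|off PORT" >&2; return 2 ;;
        esac
    done
}
```

Sessions already tracked by conntrack keep flowing because only `NEW` flows match; `drain off PORT` deletes the same two rules once the machine is ready to accept clients again.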