I set up a PPTP client in Ubuntu. The iptables filter denies network access to everything except TOR and the PPTP client.

```
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT DROP [0:0]
-A OUTPUT -d 127.0.0.1/32 -j ACCEPT
-A OUTPUT -m owner --uid-owner debian-tor -j ACCEPT
-A INPUT -i pptp -j ACCEPT
-A OUTPUT -i pptp -j ACCEPT
COMMIT
```

As a result, I receive an error:

```
Can't use -i with OUTPUT
```

What am I doing wrong?

squillman
Patrik
  • Exactly what the error message says. The interface option is not valid in the output chain. Read The Fine Manual: **-i** *"Name of an interface via which a packet was received (only for packets entering the INPUT, FORWARD and PREROUTING chains)."* – HBruijn Oct 15 '14 at 19:20
  • Are you sure the name of the interface is `pptp` and not something like `ppp0`? – Zoredache Oct 15 '14 at 21:18

1 Answer

The `-i` option is to specify an input interface. Obviously it's nonsense in the `OUTPUT` chain. Use the `-o` option instead.

Xavier Lucas
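
The chain/flag rule from the answer and from HBruijn's comment, as an added example that is not part of the original posts: a small shell lint that finds `-i`/`-o` used in a built-in chain where iptables rejects it, run over the ruleset from the question and over the same ruleset with `-o`. The function names are made up for this example, and the interface name `pptp` is kept as posted (Zoredache's comment suggests it may really be something like `ppp0`).

```shell
#!/bin/sh
# Added example (not from the thread): flag interface options that iptables
# rejects in a built-in chain. -i is valid only in INPUT, FORWARD, PREROUTING;
# -o only in FORWARD, OUTPUT, POSTROUTING. User-defined chains are skipped.
lint_iface_flags() {   # hypothetical helper; reads a ruleset on stdin
    awk '
    $1 == "-A" || $1 == "-I" {
        chain = $2
        for (f = 3; f <= NF; f++) {
            if (($f == "-i" || $f == "--in-interface") &&
                (chain == "OUTPUT" || chain == "POSTROUTING")) {
                printf "line %d: -i not valid in %s, use -o: %s\n", NR, chain, $0
                bad = 1
            }
            if (($f == "-o" || $f == "--out-interface") &&
                (chain == "INPUT" || chain == "PREROUTING")) {
                printf "line %d: -o not valid in %s, use -i: %s\n", NR, chain, $0
                bad = 1
            }
        }
    }
    END { exit bad + 0 }'   # exit status 1 when any rule was flagged
}

# The ruleset exactly as posted in the question.
question_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT DROP [0:0]
-A OUTPUT -d 127.0.0.1/32 -j ACCEPT
-A OUTPUT -m owner --uid-owner debian-tor -j ACCEPT
-A INPUT -i pptp -j ACCEPT
-A OUTPUT -i pptp -j ACCEPT
COMMIT
EOF
}

# Same ruleset with the OUTPUT rule switched to -o, as the answer advises.
# The interface name is unchanged from the question; confirm it with `ip link`.
fixed_rules() { question_rules | sed 's/^-A OUTPUT -i /-A OUTPUT -o /'; }

if ! question_rules | lint_iface_flags; then echo "question ruleset: rejected"; fi
if fixed_rules | lint_iface_flags; then echo "fixed ruleset: ok"; fi
```

Before loading a corrected file, `iptables-restore --test < file` parses it without committing anything, which avoids cutting off traffic under an `OUTPUT DROP` policy because of a typo.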