How can I check that the firewall is disabled for a TUN/TAP interface?

Question

while trying to diagnose a UDP multcast issue on an OpenVPN client configuration and I've come across this block in the config file:

# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun

UFW does not seem to be installed (the ufw command is not found). What else should I check in order to ensure that this condition is met? Is my router's NAT configuration relevant?

Many thanks, blz

score 1 · Accepted Answer · answered May 28 '16 at 01:35

Display IPv4 firewall rules:

iptables -L -nv - look at input chain,
iptables -P INPUT ACCEPT - this will change firewall policy to accept all packets,
iptables -F INPUT - flushing (deleting) all rules from the INPUT chain.

IPv6: Same parameters different command, instead iptables use ip6tables.

The above will ensure that packet filtering won't touch your traffic.

How can I check that the firewall is disabled for a TUN/TAP interface?

1 Answers1