Hello everyone. I have a CHR that acts as a VPN server. On this server there is a client with its own LAN, which I reach without problems thanks to the routes. But with the routes I reach all the ports of the network. If I wanted to reach only the SNMP and ICMP ports, can I do it with mangle? Or do I have to drop them in the firewall? I thought I was using mangle rules but I don’t know how.
I’d just use firewall filter, it’s simple and easy to understand.
Something with mangle rules would be possible too, if you added a route to the remote network in a new routing table instead of the main one, and then marked routing for selected addresses and ports, to make those packets use this new routing table. But I don’t see any advantage in doing it like this.
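The firewall filter approach suggested above, written out as an added example that is not part of the original posts. The client LAN 192.168.88.0/24 and the management subnet 10.10.10.0/24 are constructed placeholders, and SNMP is assumed to be polled on its standard UDP port 161.

```routeros
# Added example: allow only ICMP and SNMP polling toward the VPN client's LAN.
# 192.168.88.0/24 (client LAN) and 10.10.10.0/24 (management hosts) are
# constructed placeholders; substitute the real subnets.
# Rule order matters: "add" appends to the end of the chain, so these rules
# must end up above any broader accept rule already present in forward.

/ip firewall filter

# Return traffic for sessions that were already permitted below.
add chain=forward action=accept connection-state=established,related \
    comment="client-lan: allow replies"

# ICMP (ping, traceroute replies, error messages) to the client LAN.
add chain=forward action=accept protocol=icmp \
    src-address=10.10.10.0/24 dst-address=192.168.88.0/24 \
    comment="client-lan: allow ICMP"

# SNMP polling (UDP 161) to the client LAN.
add chain=forward action=accept protocol=udp dst-port=161 \
    src-address=10.10.10.0/24 dst-address=192.168.88.0/24 \
    comment="client-lan: allow SNMP"

# Everything else routed toward the client LAN is dropped.
add chain=forward action=drop dst-address=192.168.88.0/24 \
    comment="client-lan: drop the rest"
```

The packet counters shown by `/ip firewall filter print stats` confirm which rule each test packet hits.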
Yes, in fact it is very simple even with mangle. I tried and I succeeded in two seconds.