Make CSF work with OpenVPN

To make CSF work with OpenVPN, you’ll need to create extra iptables rules. We do that by adding them to

nano /etc/csf/

If the file does not exist, you can create it. If it already exists, you should append to it.

iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -s VPN_NETWORK -j ACCEPT
iptables -A FORWARD -j REJECT
iptables -t nat -A POSTROUTING -s VPN_NETWORK -o eth0 -j MASQUERADE
iptables -t nat -A POSTROUTING -j SNAT --to-source SERVER_IP
  • Replace the placeholder SERVER_IP with your server IP address.
  • You may need to replace the placeholder VPN_NETWORK with the designated server IP you assigned for OpenVPN, typically the one you set in /etc/openvpn/server.conf on CentOS/RHEL. is the default.
  • If your network interface is different, you may also need to replace eth0 with the correct one. Run ifconfig to check.

Make sure to open the OpenVPN port in the TCP_IN line of the CSF config file, /etc/csf/csf.conf.
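
A way to check the two values the steps above depend on, as an added example that is not part of the original page: it reads the VPN network and port from an OpenVPN server.conf and confirms the port is listed in TCP_IN. The function names and both sample files are constructed for illustration; it assumes the standard "server <network> <netmask>" and "port <n>" directives and a comma-separated TCP_IN list that may contain low:high ranges.

```shell
#!/bin/sh
# Added example. The file contents below are constructed samples.

# Print the VPN network in CIDR form from the "server <network> <netmask>" directive.
# Prefix length = number of set bits in the netmask (assumes a contiguous mask).
vpn_subnet() {
    awk '$1 == "server" && NF >= 3 {
        n = split($3, o, "."); bits = 0
        for (i = 1; i <= n; i++)
            for (v = o[i] + 0; v > 0; v = int(v / 2)) bits += v % 2
        print $2 "/" bits; exit
    }' "$1"
}

# Print the listening port from the "port <n>" directive.
vpn_port() { awk '$1 == "port" { print $2; exit }' "$1"; }

# Succeed if port $2 is listed in TCP_IN of csf.conf $1, either on its own or
# inside a low:high range. TCP6_IN and commented-out lines do not match.
port_in_tcp_in() {
    awk -F'"' -v port="$2" '$1 ~ /^TCP_IN[ \t]*=/ {
        n = split($2, item, ",")
        for (i = 1; i <= n; i++) {
            if (split(item[i], r, ":") == 2) {
                if (port + 0 >= r[1] + 0 && port + 0 <= r[2] + 0) found = 1
            } else if (item[i] + 0 == port + 0) found = 1
        }
    } END { exit !found }' "$1"
}

# Constructed sample files so the example runs offline.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
printf '%s\n' 'port 1194' 'proto tcp' 'dev tun' \
    'server 10.8.0.0 255.255.255.0' > "$SAMPLE_DIR/server.conf"
printf '%s\n' '# constructed csf.conf excerpt' \
    'TCP_IN = "20,21,22,80,443,30000:35000"' \
    'TCP6_IN = "22,1194"' > "$SAMPLE_DIR/csf.conf"

echo "VPN network for the -s arguments: $(vpn_subnet "$SAMPLE_DIR/server.conf")"
PORT=$(vpn_port "$SAMPLE_DIR/server.conf")
if port_in_tcp_in "$SAMPLE_DIR/csf.conf" "$PORT"; then
    echo "port $PORT is open in TCP_IN"
else
    echo "port $PORT is missing from TCP_IN"
fi
```

On a real server, point the functions at /etc/openvpn/server.conf and /etc/csf/csf.conf instead of the sample files.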