+# note, transmission specific thing here is to
+# allow one extra port for transmission-remote, but thats no big deal,
+# might as well use this in general for openvpn-nn
+
# format from iptables-save. [0:0] are comments of packet-count/byte-count
# which I removed
*filter
# from ip route, we can deduce that traffic goes to the
# local 10.8.0.x tun0, then to the normal interface.
# For the normal interface, we allow only some ports:
-# dns, vpn, transmission-remote.
+# dns for root user, vpn, and transmission-remote.
# dns is only used to resolve the vpn server ip on initial
# connection.
# rules are mirror on input and output, just for extra safety,
-A OUTPUT -p tcp -m tcp --dport 53 -m owner --uid-owner root -j ACCEPT
-A INPUT -p tcp -m tcp --sport 53 -j ACCEPT
+# transmission-remote
-A OUTPUT -p tcp -m tcp --sport 9091 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 9091 -j ACCEPT
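Review bot: The reworded comment "dns for root user" is true only of the OUTPUT rule; the mirrored INPUT rule, `-A INPUT -p tcp -m tcp --sport 53 -j ACCEPT`, accepts TCP from any host that sends from source port 53, to any local port. The owner match is not available in the INPUT chain, so tie that rule to replies instead, for example with `-m conntrack --ctstate ESTABLISHED`, or state in the comment that only the outbound side is limited to root. The 9091 pair under the new "# transmission-remote" comment also has no `-i` or `-s` restriction, so the remote-control port is accepted on every interface these rules apply to; if it is meant only for the local network, a source subnet on the INPUT rule would back up the "no big deal" in the header note.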