<div dir="ltr">So, if a roadwarrior is running a Linux laptop with iptables, what would be a good recommendation to secure the device from those on the network (internet or local lan) from using that device as a router (since ip_forward has to be enabled anyway). The device would not do NAT, so it would be a straight connection for the tunnel. I've looked at the examples in the book which assume a known IP for both ends. I could just leave off the local IP and have the INPUT and OUTPUT chains specify only the remote end (known IP). Would this be adequate? <br>
<br>I don't want someone setting up a route to use the network interface of the Linux machine to then hop through the tunnel and onto a secure internal network.<br><br><br></div>